UnixWare 7.1.4 Maintenance Pack 4 Release Notes Dear SCO Customer, UnixWare 7.1.4 Maintenance Pack 4 (MP4) is a required update for your UnixWare 7.1.4 system and should be applied at your next maintenance period. This Maintenance Pack contains updated features, fixes, and security updates as well as all the features and fixes delivered in previous UnixWare 7.1.4 Maintenance Packs. Contents §1: Before Installing the Maintenance Pack §2: Installing the Maintenance Pack §3: After Installing the Maintenance Pack §4: Maintenance Pack Notes and Limitations §5: Custom CD Creation Instructions §6: Removing the Maintenance Pack §7: Highlights of this Maintenance Pack §7.1: Maintenance Pack 1 Highlights §7.2: Maintenance Pack 2 Highlights §7.3: Maintenance Pack 3 Highlights §7.4: Maintenance Pack 4 Highlights §8: Problems Fixed in this Maintenance Pack §8.1: Problems Fixed in Maintenance Pack 1 §8.2: Problems Fixed in Maintenance Pack 2 §8.3: Problems Fixed in Maintenance Pack 3 §8.4: Problems Fixed in Maintenance Pack 4 §9: Copyrights ------------------------------------------------------------------------ §1: Before Installing the Maintenance Pack Please read the following notes and recommendations before you begin installing the Maintenance Pack. 1. MP4 Documentation In addition to these installation and release notes, the /info directory on the UnixWare 7.1.4 MP4 CD provides additional documentation. In particular, that directory provides this document in txt, html, and pdf formats; HBA and NICs device driver README files; Java release notes; and additional Samba configuration information (as outlined in the Samba Environment portion of the §7.4: Maintenance Pack 4 Highlights section). 2. MP4 Prerequisite The UnixWare 7.1.4 Maintenance Pack 4 should only be installed on: UnixWare 7.1.4 3. OS Upgrades If you are performing an in place upgrade to UnixWare 7.1.4 from UnixWare 7.1.1, UnixWare 7.1.2 (Open UNIX 8.0.0), or UnixWare 7.1.3, you must be sure to reboot the system after upgrading to Release 7.1.4 and before installing this maintenance pack. 4. Back Up Your System Perform a full backup of your system and verify the integrity of the backup before you install the Maintenance Pack. It is always a good idea to have a full system backup available before beginning any system update procedure. 5. UnixWare 7.1.4 MP4 Version Information The maintenance pack consists of the Maintenance Pack Set, plus a number of updated packages that are separate from the Maintenance Pack Set, as shown in the following table. A green version number in the table indicates when a new version of a package was introduced. uw714mp4 - UnixWare 7.1.4 Maintenance Pack 4 Set The uw714mp4 set installs these seven packages: Package Name and post Description UW714 MP1 MP2 MP3 MP3 MP4 UnixWare 7.1.4 1 uw714m4 Maintenance 7.1.4 Pack 4 UnixWare 2 libC Runtime C++ 8.0.2 8.0.2d Library 3 libc Runtime C 8.0.2 8.0.2a 8.0.2b 8.0.2c 8.0.2e Library 4 libthread Runtime Thread 8.0.2 8.0.2a 8.0.2a 8.0.2a 8.0.2b Library Pluggable 5 pam Authentication New in MP1 0.77 0.77 0.77a 0.77c Modules UDI 1.01 6 udienv Runtime 8.0.2 8.0.2c 8.0.2d Environment 7 usb USB 2.0 8.0.2 8.0.2c 8.0.2c Drivers UnixWare Packages These packages and the Open Source packages that follow can be installed after you install uw714mp4: Package Name and post Description UW714 MP1 MP2 MP3 MP3 MP4 Network Infrastructure 1 nics and 8.0.2 8.0.2a 8.0.2b 8.0.2c 8.0.2d Configuration Subsystem 2 nd Network 8.0.2 8.0.2b 8.0.2c 8.0.2f Drivers Lightweight Directory 3 ldap Access 8.0.1 8.0.1a 8.0.1a 8.0.1a Protocol services Runtime 4 libosr OpenServer 8.0.2 8.0.2a 8.0.2a 8.0.2a Libraries OUDK 5 uccs Optimizing C 8.0.2 8.0.2a 8.0.2b 8.0.2c 8.0.2d Compilation System Updated Guides 6 uw7mpdoc and Manual New in MP1 7.1.4a 7.1.4a 7.1.4a 7.1.4a Pages 7 basex X11R6 Base X 8.0.2 8.0.2a 8.0.2b 8.0.2c Runtime System 8 xserver X11R6 X Server 8.0.2 8.0.2a 8.0.2b 8.0.2c 8.0.2e 9 xclients X11R6 X 8.0.2 8.0.2a 8.0.2.a 8.0.2.a Clients X11R6 10 xcontrib Contributed X 8.0.2 8.0.2a 8.0.2b 8.0.2c 8.0.2c Clients 11 xdrivers X11R6 Graphics 8.0.2 8.0.2a 8.0.2b 8.0.2b Drivers Java 2 SE 12 j2jre131 1.3.1 Runtime 1.3.1.10 1.3.1.22 Environment Java 2 SE 13 j2sdk131 1.3.1 Software 1.3.1.10 1.3.1.22 Development Kit Java 2 SE 14 j2plg131 1.3.1 Java 1.3.1.10 1.3.1.22 Plug-in Java 2 SE 15 j2pls131 1.3.1 Demos & 1.3.1.10 1.3.1.22 Debug Java 2 SE 16 j2jre142 1.4.2 Runtime 1.4.2.03 1.4.2.17 Environment Java 2 SE 17 j2sdk142 1.4.2 Software 1.4.2.03 1.4.2.17 Development Kit Java 2 SE 18 j2plg142 1.4.2 Java 1.4.2.03 1.4.2.17 Plug-in Java 2 SE 5.0 19 j2jre150 Runtime New in MP4 1.5.0.15 Environment Java 2 SE 5.0 20 j2sdk150 Software New in MP4 1.5.0.15 Development Kit 21 j2plg150 Java 2 SE 5.0 New in MP4 1.5.0.15 Java Plug-in Open Source Packages Package Name and post Description UW714 MP1 MP2 MP3 MP3 MP4 General 1 zlib Purpose Data 1.2.1 1.2.1-01 1.2.3 1.2.3 Compression Library 2 openssl OpenSSL 0.9.7c 0.9.7d 0.9.7d 0.9.7i 0.9.7ia 3 openssld OpenSSL 0.9.7c 0.9.7d 0.9.7d 0.9.7i 0.9.7i Documentation 4 db Berkeley DB 4.1 4.1.25 4.4.20 4.4.20 Library PNG (Portable 5 libpng Network 1.2.5 1.2.7 1.2.7 1.2.12a Graphics) Library 6 tiff TIFF Library 3.5.7 3.7.3 3.7.3 and Utilities 7 gs ESP 7.05.6 7.07.1 7.07.1-02 Ghostscript Common Unix 8 cups Printing 1.1.19-01 1.1.19-02 1.1.19-03 1.1.19-03 1.3.3 System Foomatic 9 foomatic Filters and 3.0.0-01 3.0.0-02 3.0.2 3.0.2 3.0.2 PPDs 10 hpijs HP Inkjet 1.5 1.5-01 1.5-02 1.5-02 1.5-02 Printer Driver GNU file 11 gzip compression 1.2.4 1.3.5 1.3.5 utilities Cdrtools A set 12 cdrtools of tools for 2.01a27 7.1.4 7.1.4 CD/DVD (2.01.01a01) (2.01.01a01) Recorders 13 openssh Open Secure 3.7.1p2 3.8.1p1 3.9p1-01 4.2p1 4.6p1 Shell OpenLDAP 14 openldap Software 2.1.22 2.1.22-01 2.3.27 2.3.27 Suite(*) 15 samba Samba(**) 3.0.0 3.0.4 3.0.10 3.0.10 3.0.24 3.0.24-01 16 squid Squid Caching 2.4.STABLE7 2.5.STABLE7 2.5.STABLE12 2.5.STABLE12 Proxy Server mod_jk Apache 17 modjk Tomcat New in MP4 1.2.25-03 1.2.25-03 Connector*** MySQL 18 MySQL multithreaded 3.23.49 4.1.11 5.0.19 5.0.19 SQL database server 19 mozilla Mozilla 1.7.12 1.2.1b 1.7.12 1.7.13a 20 ipf IP Filter New in MP2 4.1.3 4.1.3a 4.1.3a Common Unix Printing 21 cupsdev System 1.1.19 1.3.3 Development Environment Common Unix Printing 22 cupsle System New in MP4 1.3.3 Language Extension 23 curl cURL 7.10.3-2 7.15.1 Heimdal New in 24 heimdal Kerberos 5 Samba 0.6.6 0.6.6 Implementation Supplement javasoap - Apache Axis SOAP Web 25 javasoap Services and 1.0 1.2 Apache Xerces-J XML Parser 26 jpeg JPEG Library 6b 6b and Utilities 27 mplayer MPlayer - New in MP4 1.0 1.0 movie player Open Service 28 openslp Location 1.0.6a 1.0.6a Protocol The Perl 29 perl Programming 5.8.3 5.8.8 5.8.8a Language Additional 30 perlmods Modules for 5.8.3 5.8.8 5.8.8 Perl PostgreSQL 31 pgsql Database 7.4.2 8.2.6-01 Management System New in 32 readline GNU Readline Samba 5.1 5.1 Library Supplement 33 sasl Cyrus-SASL New in MP4 2.1.22 34 sendmail Sendmail New in MP4 8.13.8 tomcat - Apache Tomcat 35 tomcat app server for 4.1.30 4.1.31 4.1.31-01 Java servlets, JSP, web services HBA Packages (install separately) Package Name and UW714 UW714 post Description FCS HBA CD MP1/MP2 MP3 MP3 MP4 CD #1 aacraid - Adaptec 1 aacraid AACRAID Family 8.0.2 8.0.3 8.0.3 PCI SCSI IHV HBA adp94xx - 2 adp94xx Adaptec SAS 1.4 1.4 HostRaid HBA 3 ahci ahci - AHCI 1.2 1.2 HBA Driver ide - Generic 4 ide IDE/ATAPI 7.1.3b 7.1.4a 7.1.4g 7.1.4g Driver mega - LSI 5 mega Logic MegaRAID 8.0.2 8.0.3b 8.0.3b HBA megasas - LSI 6 megasas Logic MegaRAID 1.1 1.1 SAS HBA mpt - LSI 7 mpt Logic MPT IHV 8.0.1 8.0.2 8.1.0 8.1.0 HBA * The OpenLDAP package for both the Samba supplement (a post UnixWare 7.1.4 MP3 supplement that is superseded by UnixWare 7.1.4 MP4) and MP4 includes three distributions: openldap; pam_ldap-180 (also provided in MP3); and nss_ldap-257. ** The samba package, as of the Samba Supplement and MP4, includes the Samba and smbldap-tools version 0.9.2 distributions. *** UnixWare 7.1.4 MP4 provides the modjk package for the first time. modjk replaces the earlier modjk1, "mod_jk2 for Apache 1," package. The modjk1 package (version 2.0.4) was introduced in UnixWare 7.1.4 MP1 and provided in UnixWare 7.1.4 MP2 and MP3. NOTES: 1. Upgrading sendmail is highly recommended. However, to install sendmail for the first time several prerequisite packages must also be installed (openssl, db, openldap, and sasl). If these packages are not installed on your system, or prior versions of these packages are installed, then by default install.sh automatically selects these packages for installation. 2. Also included on the UnixWare 7.1.4 MP4 media are copies of these packages from the UnixWare 7.1.4 media: inet, urwfonts, glib, gtk, and libIDL. These packages are unchanged from the original UnixWare 7.1.4 release and are provided here as a convenience. These five packages are prerequisites for some the packages provided in UnixWare 7.1.4 MP4. If you do not have these packages installed on your system, and need them to install UnixWare 7.1.4 MP4 packages that you select, then the install.sh script below will install these packages for you. 3. install.sh can be run multiple times. Packages that are already installed are not displayed in the install.sh package selection menu. This allows you to see which additional packages from the MP CD are available for installation. If for some reason you need to reinstall the same version of a package that is already on your system, then run # install.sh where is the name of the package you are reinstalling. For example, if you have already installed version 2.3.27 of the openldap package, running # install.sh with no arguments will not display openldap in the package selection menu. Therefore, if you want to reinstall openldap version 2.3.27 over itself, issue the command # install.sh openldap 6. Superseded UnixWare 7.1.4 Supplements This maintenance pack supersedes and obsoletes: o These prior maintenance packages and patches: uw714mp1 UnixWare 7.1.4 Maintenance Pack 1 Set uw714mp2 UnixWare 7.1.4 Maintenance Pack 2 Set uw714mp3 UnixWare 7.1.4 Maintenance Pack 3 Set ptf9050 UnixWare 7.1.4 Licensing Supplement ptf9051 UnixWare 7.1.4 Maintenance Pack 2 Supplement ptf9052 ptf9052 - UnixWare 7.1.4 Maintenance Pack 3 Supplement ptf9053 ptf9053 - UnixWare Australia Timezone Update ptf9054 ptf9054 - UnixWare 7.1.4 Processor Licensing Update These packages and sets do not need to be removed prior to installing uw714mp4; the uw714mp4 installation locks down these packages so that they are no longer removable. o The UnixWare 7.1.4 MP3 USB Supplement. o The UnixWare 7.1.4 MP3 Samba Supplement. o UnixWare 7.1.4 MP4 also locks down additional escalation and security patches issued prior to the completion of UnixWare 7.1.4 MP4. 7. MP4 Installation Script An install.sh script is provided to simplify installation, as described in the §2: Installing the Maintenance Pack section below. Use of this script is highly recommended. The install.sh script installs the following: o The uw714mp4 set. Installing uw714mp4 will update the libc, libC, and libthread runtime libraries; the uw714m4 patch; the required pam package; and update the udi and udiusb device drivers packages. The runtime libraries and device driver packages, once installed, are not removable. o The uw7mpdoc package. o Newer versions of the updated packages listed above, provided either: + earlier versions of these packages are already installed on your system or + the package is a prerequisite for another package that you are installing. Alternatively, with care you can install packages individually. Note that this can be time consuming since many packages depend on other packages. So, in addition to the packages you want to install, you need to determine which prerequisite packages must be installed. Then you need to determine the order to install all these packages. install.sh simplifies this process for you by accounting for all these permutations. If you did not install some of the above packages when initially installing UnixWare 7.1.4, you can do so using the install.sh script. You do not need to first install the original UnixWare 7.1.4 versions. Please refer to the §2: Installing the Maintenance Pack section below. 8. Customize MP4 Installation Script A mkiso.sh script is provided with this maintenance pack to create custom maintenance pack ISO image files and/or CDs from the original maintenance pack ISO image file or CD, as described in the Custom CD Creation Instructions section below. NOTE: o To use this feature, you need the cdrtools package installed. o To burn the custom ISO image file, you need a writable CD drive and CD Media. 9. SCO Help If your system was originally installed with a release prior to UnixWare 7.1.3 and has the obsolete scohelp package installed, we recommend removing scohelp before you add the MP. This will ensure the full benefit of the security enhancements in the MP (changes to numerous file and directory permissions). To see if scohelp is installed, enter the following shell command: # pkginfo scohelp To remove the package, enter the following two commands as root: # /etc/scohelphttp stop # pkgrm scohelp 10. Sendmail Upgrade Notes UnixWare 7.1.4 MP4 includes an upgrade to sendmail 8.13.8. In addition, 7.1.4 MP4 provides sendmail as part of a separate self-updating package, also named sendmail. Previously, sendmail was part of the base system package. Delivery of sendmail in a self-updating package carries two implications going forward: o If in the future if you remove the sendmail package, the system will restore the version of sendmail that was delivered with the 7.1.4 base system, and will restore the configuration files that were in use at the time the new sendmail package was first installed. o The new sendmail package has dependencies on several other packages, namely openssl, db, openldap, and sasl,. so those packages will be installed by default. It is possible to deselect installation of the new sendmail package, but the old sendmail hasn't been tested with UnixWare 7.1.4 MP4, and is not supported going forward. Also, the new sendmail daemon is automatically started during installation of the sendmail package unless your system has SCOoffice installed. 11. modjk1/modjk Upgrade Notes (Hipcheck related) If you previously installed the modjk1 ("mod_jk2 for Apache 1") package from the UnixWare 7.1.4 MP1, MP2, or MP3 CD, then modjk replaces modjk1. If you select to install modjk then install.sh prompts whether to remove modjk1. Removal of modjk1 does not undo changes made to the httpd.conf file as part of the installation of modjk1. As a result, /etc/apache startssl will not succeed and applications such as The SCO Mobile Hipcheck[tm] Server 1.1 may not function correctly. So if you previously installed modjk1 and are upgrading to modjk (strongly recommended), then before you upgrade, please edit the file /usr/lib/apache/conf/httpd.conf and remove these two lines: LoadModule jk2_module libexec/libmod_jk2.so AddModule mod_jk2.c 12. Tomcat and HCms/SCOms Conflict UnixWare 7.1.4's tomcat package cannot be installed on a system that is being used to run the SCO Mobile Server, either as part of the HipCheck server product (set HCms, package HCservice) or standalone (package SCOms). This is because of a conflict between the libraries and configuration information for the two Java-based application servers involved. NOTE: This also means that the HipCheck agent (package HcSCOUA), which relies upon Tomcat, cannot be installed on a system that is running the SCO Mobile Server. 13. OpenLDAP Upgrade Notes IMPORTANT: Upgrading OpenLDAP from version 2.1.22 or 2.1.22-01 to version 2.3.27 will result in any existing OpenLDAP database data no longer being accessible. To make existing data accessible, the database should be backed up before the upgrade and then restored following the upgrade. The following procedure can be used to backup an existing OpenLDAP database: A. Log in as root. B. Stop the slapd daemon, if running, to ensure a consistent backup. # kill `ps -e | grep slapd | awk '{print $1}'` C. Create an ldif backup file. # slapcat -l /var/openldap-data/openldap.ldif After the OpenLDAP upgrade, the OpenLDAP database backup can be restored using the following procedure: A. Log in as root. B. Restore configuration file changes. Note: As part of the upgrade process, the OpenLDAP configuration and schema files will be overwritten by the new default files, requiring that any changes be manually remade to /etc/openldap/*.conf and /etc/openldap/schema/*.schema. The previous versions of these files are saved with the suffix ".pre2.3.27": # ls -1 /etc/openldap DB_CONFIG.example ldap.conf ldap.conf.default ldap.conf.pre2.3.27 schema slapd.conf slapd.conf.default slapd.conf.pre2.3.27 # ls -1 /etc/openldap/schema README corba.schema corba.schema.default corba.schema.pre2.3.27 ... C. Create an empty database directory. # cd /var # mv openldap-data openldap-data.bak # mkdir openldap-data # chmod 700 openldap-data D. Restore the ldif backup file: # slapadd -l /var/openldap-data.bak/openldap.ldif A warning will display, although it doesn't affect the restoration of the database: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/openldap-data: (2) Expect poor performance for suffix dc=my-domain,dc=com. DB_CONFIG.example can be used to create /var/openldap-data/DB_CONFIG, to avoid warnings as with the slapadd command above. See /usr/share/db/doc/index.html for more information. 14. PostgreSQL Upgrade Notes PostgreSQL 8.2.6 is included on the UnixWare 7.1.4 Maintenance Pack CD. This release of the PostgreSQL Database Server includes many performance and security enhancements. Systems running a prior release of PostgreSQL are encouraged to upgrade in order to take advantage of these features. However, to provide these features, PostgreSQL 8.2.6 includes a change in internal database format and is a major upgrade from PostgreSQL 7.x and PostgreSQL 8.1.3. For this reason, you must perform a dump and subsequent restore of all PostgreSQL 7.x/8.1.3 databases that you want to preserve across the upgrade. Detailed instructions on this process are provided below. To preserve data from a PostgreSQL 7.x or PostgreSQL 8.1.3 database and restore the data into a PostgreSQL 8.2.6 database on UnixWare 7, follow this procedure. 1. On the system running PostgreSQL 7.x/8.1.3, log in as the PostgreSQL super-user: # su - postgres 2. Perform a dump of the databases you wish to preserve using either pg_dumpall(1) or pg_dump(1). Backing up all databases using pg_dumpall is the recommended procedure. For example, to preserve all databases in a cluster, you could enter the shell command: $ pg_dumpall > exampledb.out To preserve only the database /exampledb/, you could enter the shell command: $ pg_dump -F c -f exampledb.out exampledb 3. Move the existing default data directory to your PostgreSQL backups directory: $ mkdir backups $ mv data backups/data-7.4.7 or $ mkdir backups $ mv data backups/data-8.1.3 4. Exit the PostgreSQL super-user account 5. Install PostgreSQL from the UnixWare 7.1.4 MP4 CD by following the instructions below in §2: Installing the Maintenance Pack. 6. Log in as the PostgreSQL super-user: # su - postgres 7. Restore the preserved databases from any previous dumps, as in this example for the database we backed up in Step 2: $ psql -f exampledb.out postgres 8. Reboot the system. Detailed documentation on backing up and restoring PostgreSQL databases is available both in the online documentation: ``Migration Between Releases'' ``Backup and Restore'' And, online at the PostgreSQL web site: http://www.postgresql.org/docs/8.2/static/migration.html http://www.postgresql.org/docs/8.2/static/backup.html 15. More Information If you have questions regarding this supplement, or the product on which it is installed, please contact your software supplier or support representative. ------------------------------------------------------------------------ §2: Installing the Maintenance Pack 1. Log in as root. 2. Do one of the following: o If you are installing the maintenance pack from CD, insert the maintenance pack CD into the primary CD drive and enter: # mount /dev/cdrom/cdrom1 /install o If you are installing this maintenance pack from the web, download the uw714mp4.iso file to your server from: http://www.sco.com/support/update/download/release.php?rid=337 In the directory where you downloaded the uw714mp4.iso file, enter: # mount `marry -a uw714mp4.iso` /install 3. Change directory to /install: # cd /install 4. Do one of the following: A. To install the required uw714mp4 set and the updated packages on your system, enter: # ./install.sh This will show you a menu screen asking whether you want to review the list of packages to be installed, or accept the default list determined by install.sh. Typically you would answer yes. If you answer yes to the first screen, you will then be shown a menu screen listing the names of the packages that are part of this maintenance pack. By default: + The following are selected for installation: uw714mp4 and any packages whose earlier versions are already installed. Additional packages that are needed to meet the package dependency requirements are also selected. + If an earlier version of a package in the MP is not already installed on your system, and that package is not needed to meet the dependency requirement of the selected packages above, then that package is not selected for installation. + If the current or a later version of a package in the MP is already installed on your system, then that package is not listed in the menu. The menu screen displays ten packages at a time: 1. Examine the selected packages on the first screen and make any changes desired. Use the up/down arrow keys to navigate between fields and the left/right arrow keys to select/deselect a package. 2. Navigate to "Apply" and press carriage return to display the next screen of packages. To accept all default selections on a screen, press the up arrow twice to quickly navigate to the "Apply" button. 3. Continue making any changes needed on each screen and select "Apply" to display the next screen. 4. Select "Apply" on the final screen to install the selected packages. Based on your package selection (or the default package selection if you answered no at the first screen), additional per-package prompts are displayed and a final package dependency check is done. If any missing package dependency are detected, install.sh lists those and allows you to revise your package selections. Then all the MP4 packages are installed without additional user prompting. At the conclusion of the installation a status message is displayed enumerating which packages were installed and whether there were any installation failures (along with a listing of any package that did not successfully install). NOTE: The install.sh script also accepts two options, -n (non-interactive) and -v (verbose). The -n flag skips the menu screens and proceeds to install the default selection of packages. This includes setting certain package options such as (in some cases) removing the deprecated modjk1 package and Mozilla 1.2.x (if installed). The -v flag provides more status information during the installation. B. To individually install packages and or the uw714mp4 set, enter: # ./install.sh [packages] where packages can be the uw714mp4 set or any of the packages listed in Section I, except for packages in the uw714mp4 set and the HBAs. The entire uw714mp4 set should be selected for installation and the HBA are separately installed (see the next step of this procedure). 5. It is now a convenient point to update your HBA device drivers, but doing so is often unnecessary. Updating is not needed if you are currently experiencing no problems with your current HBAs, and see no issues that would affect your HBA installations. You should update the corresponding HBA device drivers if you are experiencing issues with an HBA that have been resolved with this maintenance pack. Similarly, if you install any new HBAs in the future, it would be prudent to follow these instructions to ensure that you are using the latest HBA device driver. To install these packages, do the following as root: a. Find out which HBAs are present on your system: # /sbin/sdiconfig -l noting the lines with HBA in them. b. With the physical CD or ISO image still mounted (step #2 above), enter: # pkgadd -d /install This will bring up a list of HBA device driver packages you can install. c. Select one or more desired HBA device driver packages to install as a comma-separated list, using either the listed numbers or names. Once all the drivers you selected are installed, you are prompted again for additional selections or to quit. Continue the process until all desired drivers are installed, and then enter q at the prompt. Individual device driver packages may have additional prompting; read the prompts carefully. Typically, select the default responses that are offered. 6. If you are installing from CDs, unmount the CD with this command: # umount /install and remove the MP CD from the CD drive. 7. After all desired packages are installed, reboot the system by typing: # shutdown -i6 -g0 -y ------------------------------------------------------------------------ §3: After Installing the Maintenance Pack 1. Please periodically check http://www.sco.com/support/update/download/product.php?pfid=1&prid=6 (the UnixWare 7.1.4 Supplements web Site) for additional updated device drivers and software supplements that may be posted after UnixWare 7.1.4 MP4 completes. In addition, this site provides the following supplements that are not included in UnixWare 7.1.4 MP4: Dialogic 5.1a MergePRO 6.3.0f Open Sound System Supplement 4.0.1 SCO Office Server 4.2.0 2. Samba and OpenLDAP ship in a disabled state by default. The SWAT interface on port 901 will still function and can start and configure the samba daemons; however, they will not start on boot. To enable Samba and OpenLDAP to start on boot, run: # /etc/init.d/samba enable # /etc/init.d/openldap enable Please note that it is strongly advised that you ensure these services are properly configured before attempting to enable or start them. 3. If you install a package (e.g., acp) from the UnixWare media kit that has been updated by the maintenance pack on a system with the maintenance pack installed, you will see the following warning message: The package was installed after installing the package. WARNING: The package contains updates to the above package(s). Please reinstall the package. Failure to do so may leave your system in an inconsistent state. This warning message will be displayed after every pkgadd until you reinstall the uw714m4 package. To do this, mount the maintenance pack CD and type the following two commands as root: # pkgadd -d /mount_point/images/uw714mp4.image uw714m4 # shutdown -i6 -g0 -y ------------------------------------------------------------------------ §4: Maintenance Pack Notes and Limitations 1. javasoap Installation Failure in ja Locale The javasoap package does not install in the ja locale. The work-around is to mount the MP4 CD or ISO image; cd to the mount point; and run either: # cat images/javasoap.image | LANG=C pkgadd -d- javasoap or: LANG=C ./install.sh javasoap (ID: 534937) 2. Htdoc Index Rebuild Failures Htdoc index rebuild failures have been observed after installing 7.l.4mp4 on systems that have previously installed 7.1.4mp3 and the Samba supplement. While the db package released in 7.1.4mp4 fixes index rebuild failures seen with the Samba supplement, the db package version number was not updated. As a result, if the Samba supplement is installed, installation of 7.1.4mp4 will not detect that a new version of db should be installed, and therefore the updated doc files included in that package will not be installed, and the doc indexing problems in the Samba supplement will remain on the system. To fix these doc index rebuild failures, follow these instructions to install the new db package and rebuild the index: 1. Install the new db package: # install.sh db 2. Backup the current doc index files: # mkdir /usr/lib/docview/db.bak # mv /usr/lib/docview/db/* /usr/lib/docview/db.bak 3. Create a new doc index: # /usr/lib/docview/conf/rundig -i 4. Once you are satisfied with new index files, remove the backups created above: # rm -rf /usr/lib/docview/db.bak (ID: 534948:1) 3. eeE8 Checksum Warning After installing the updated nd package, you may see the following warning message on every boot: WARNING: eeE8: eeE8ValidateChecksum: EEPROM checksum validation failed (slot5,port1) This warning comes from the eeE8 driver version 3.0.2 for the following NIC: Vendor ID 0x8086 (INTEL) Device ID 0x1229 Subsystem Vendor ID 0x8086 Subsystem ID 0x9 This message can be safely ignored. (ID: 530830) 4. Reconfiguring the PC Card Systems Due to changes in the PC Card subsystem, if you have a Network Interface Card (NIC) configured in your laptop prior to installing this maintenance pack, it may not function after the MP is installed. To enable it, you must run the Network Configuration Manager (scoadmin network or netcfg), remove the NIC, and then add it again. 5. PC Card Prerequisite Before you can configure a PC Card NIC in your laptop, the pcic driver must be configured using the following steps: 1. Power down the laptop. 2. Insert your PC Card NIC into a slot. 3. Power on the system. On Toshiba laptops, enter the system BIOS as the system comes up and ensure that the following parameter is set as shown: Controller Mode = Cardbus/16-bit 4. Log in as root. 5. Run the Device Configuration Utility: 'dcu'. 6. Select 'Software Device Drivers'. 7. Select 'Miscellaneous'. 8. Page down to the 'pcic' driver. If the pcic driver is already marked by an asterisk (*), then the driver is already configured. Exit the dcu without saving your changes and skip to Step 17. Otherwise, select the 'pcic' driver using the space bar. 9. Press F5 (New). 10. Set the following values: Unit: 0 IPL: 0 ITYPE: 0 IRQ: 0 IOStart: 0 IOEnd: 0 MemStart: This field is automatically set by the pcic driver. Don't change this setting. MemEnd: This field is automatically set by the pcic driver. Don't change this setting. DMA: -1 BindCPU: Leave this field blank. 11. Press F10 (Apply and Return). 12. Press Enter (Return). 13. Select 'Return to DCU Main Menu'. 14. Select 'Apply Changes and Exit DCU'. 15. At the root prompt, enter the following three commands: # rm /etc/conf/pack.d/pcic/_drv.o # /etc/conf/bin/idbuild -B # init 6 16. When the system is booting up, you should see a message indicating that the card was detected following the copyright screen. For example: EG: Intel Pro/100 Cardbus PC Card detected in socket 0 17. Run the Network Configuration Manager (scoadmin network or netcfg) to configure your NIC. 18. Exit the Network Configuration Manager and reboot: init 6 6. OKP If you are running the OpenServer Kernel Personality (OKP), you may see error messages like the following after installing the MP: UX:unixware: ERROR: Unable to change root to /unixware: Invalid argument This is caused by the default setting of the new CHROOT_SECURITY parameter (see #8 in ''Problems Fixed in Maintenance Pack 2'', below). For OKP to function properly, you must set CHROOT_SECURITY to "0" and reboot the system. (ID: 531761) 7. Sendmail Configuration To configure sendmail and to upgrade your smarter host configuration. see the Sendmail portion of the §7.4: Maintenance Pack 4 Highlights section below. 8. Sendmail Startup Delay when NIC is Down Delays up to 80 seconds long in sendmail startup have been seen on systems in which a configured NIC was disconnected or otherwise down. 9. Minimal Cyrus-Sasl Functionality Provided UnixWare 7.l.4 MP4 provides a new Cyrus-Sasl (sasl) package delivering a subset of Cyrus-SASL version 2.1.22. The primary purpose of this package is to enable Sendmail 8.13.8. Very little additional Cyrus-Sasl functionality is provided. For example, the saslauthd daemon is built without PAM support and is not started up on boot. 10. Cyrus-Sasl Packaging Errors There are some errors in the sasl packaging. These errors do not affect the system when using a default Sendmail configuration, but may affect some non-default configurations. The following error message may be reported in syslog: May 28 07:51:38 server01 sendmail[10320]: error: safesasl(/usr/lib/sasl2/libotp.so.2) failed: Group writable directory The problem can be fixed by turning off group write permissions for /usr/lib/sasl2, as follows: # chmod g-w /usr/lib/sasl2 A number of symlinks in /usr/lib/sasl2 are links into / instead of the current directory. For example, /usr/lib/sasl2/libanonymous.so is a link to /libanonymous.so.2 rather than libanonymous.so.2. There are five additional instances in which the symlink points to / rather than the current directory. (ID: 534947:1) 11. Mplayer Does Not Zoom the Video When Resizing the Window To fix this problem, append this line: zoom="1" to the $HOME/.mplayer/config configuration file. (ID: 534416:1) 12. db/openldap/samba Libraries If you are upgrading from earlier versions of the db, openldap, or samba packages, then please note that the earlier libraries remain on your system. This is to enable applications that dynamically linked with these libraries to continue to function. However, to avoid any security issues with the earlier version's library you may want to remove these old libraries: db: /usr/lib/libdb-4.1.a /usr/lib/libdb-4.1.so /usr/lib/libdb-4.1.so.0 /usr/lib/libdb-4.1.so.0.0.0 openldap: /usr/lib/liblber.so.2.0.122 /usr/lib/libldap.so.2 /usr/lib/libldap.so.2.0.122 /usr/lib/libldap_r.so.2 /usr/lib/libldap_r.so.2.0.122 samba: /usr/lib/samba/lib/charset/CP437.so /usr/lib/samba/lib/charset/CP850.so /usr/lib/samba/lib/libsmbclient.a /usr/lib/samba/lib/libsmbclient.so /usr/lib/samba/lib/libsmbclient.so.0 /usr/lib/samba/lib/libsmbclient.so.0.1 /usr/lib/samba/lib/vfs/audit.so /usr/lib/samba/lib/vfs/cap.so /usr/lib/samba/lib/vfs/default_quota.so /usr/lib/samba/lib/vfs/expand_msdfs.so /usr/lib/samba/lib/vfs/extd_audit.so /usr/lib/samba/lib/vfs/fake_perms.so /usr/lib/samba/lib/vfs/full_audit.so /usr/lib/samba/lib/vfs/netatalk.so /usr/lib/samba/lib/vfs/readonly.so /usr/lib/samba/lib/vfs/recycle.so /usr/lib/samba/lib/vfs/shadow_copy.so To remove an old library: /usr/sbin/removef rm After removing all the old libraries for package then enter: /usr/sbin/removef -f For example /usr/sbin/removef db /usr/lib/libdb-4.1.a /usr/sbin/removef db /usr/lib/libdb-4.1.so /usr/sbin/removef db /usr/lib/libdb-4.1.so.0 /usr/sbin/removef db /usr/lib/libdb-4.1.so.0.0.0 rm /usr/lib/libdb-4.1.a rm /usr/lib/libdb-4.1.so rm /usr/lib/libdb-4.1.so.0 rm /usr/lib/libdb-4.1.so.0.0.0 /usr/sbin/removef -f db 13. perl/perlmods Libraries If you are upgrading perl and/or perlmods from the previous UnixWare version (5.8.3) then please note: A. If you installed your own individual perl modules for perl 5.8.3, you need to reinstall them for the new version of perl (5.8.8). This is because the perl modules are placed in directories named for the installed Perl version number. B. Various 5.8.3 files and directories remain on your system. This is to enable applications that rely on that specific version of perl or perlmods to continue to function. However, to avoid any security issues, you may want to remove these files. To do so, log in as root and run this procedure: cd /var/sadm/pkg/perlmods/install chmod 744 cleanup.sh ./cleanup.sh > cleanup.sh.out 2>&1 chmod 644 cleanup.sh cd /var/sadm/pkg/perl/install chmod 744 cleanup.sh ./cleanup.sh > cleanup.sh.out 2>&1 chmod 644 cleanup.sh 14. Openldap Fails if samba is not Installed The openldap package ships with a line in its configuration file /etc/openldap/slapd.conf which references a schema file installed by the samba package. If samba is not installed, then the referenced file isn't present, and the openldap slapd daemon will fail to start, and will instead generate error messages similar to the following in the system log /var/adm/syslog: Apr 9 17:36:25 stb022 slapd[17854]: could not stat config file "/etc/openldap/schema/samba.schema": No such file or directory (2) Apr 9 17:36:25 stb022 slapd[17854]: slapd destroy: freeing system resources. Apr 9 17:36:25 stb022 slapd[17854]: slapd stopped. To fix this problem, either: o Install the samba package, or o Remove (or comment out) the following line from the first section of /etc/openldap/slapd.conf: include /etc/openldap/schema/samba.schema 15. Samba Configuration Installing the new version of the samba package automatically copies the existing Samba configuration (if one exists) from the previous release's /usr/lib/samba/lib/smb.conf and /usr/lib/samba/private/* files. The copied files are under /etc/samba. For your convenience, symlinks for the binaries and the smb.conf file are left in the old /usr/lib/samba locations. However, if your prior configuration specified any alternate or additional configuration files (e.g., a usermap file), they need to be copied separately. Also note: If the new Samba version is removed then your current configuration will not be restored to the previous /usr/lib/samba/lib location. When downgrading, administrators are advised to backup all configuration files before removing the new samba package. 16. Samba/OpenLdap/Heimdal Conventions Starting with the UnixWare 7.1.4 MP3 Samba Supplement, some of UnixWare's previous conventions were altered. The following changes were made: o Samba is disabled by default after it is installed and must be manually enabled via: /etc/init.d/samba enable o Samba start-up script has been relocated from: /etc/dinit.d/S99samba to /etc/rc2.d/S98samba. o Samba configuration files are now located in /etc/samba. o Samba daemon binaries are now located in /usr/sbin. o Samba administration and user binaries are located in /usr/bin. o Samba logs are located in /var/log/samba. o Samba is now compiled with the LDAP and ADS options. o Starting with UnixWare 7.1.4 MP4, Samba is now compiled with Cups support enabled. (The UnixWare 7.1.4 MP3 Samba Supplement did not have Samba Cups support enabled.) o OpenLDAP binaries (slapd and slurpd) are now located in /usr/sbin. The old /usr/libexec locations are symlinked for compatibility. o Heimdal binaries are located in subdirectories of /usr/lib/heimdal. The kinit and klist binaries are symlinked in /usr/bin. 17. PAM Modules The openldap and samba packages contain extra PAM modules. If you have configured any PAM services to use modules provided by any of these packages, and then uninstall the package(s), any service configured to use the uninstalled module(s) will fail. This will prevent that service from successfully logging in. If local console logins are affected, pkgrm will abort. Each package that provides extra PAM modules attempts to detect this scenario. If detected, you are offered the option to abort the package removal. If you do not abort, a warning is displayed at the conclusion of the package removal. If the above warnings are ignored, and you lose the ability to log in via any remote service, you will need to first locally reboot your system. Then enter the following commands into the bootloader to bring your system up in single-user mode: INITSTATE=s b Once booted in single-user mode you need to reconfigure your PAM service(s), and remove the offending module(s) from the configuration file(s). 18. Samba Shares There was a feature added by the Samba team that automatically disables any shares that do not have an explicitly set path. Thus, if you initially define any shares through the SWAT interface, they automatically get an extra "available = no" parameter added to their service definition. Once the share is defined you may remove the "available = no" attribute either manually from the smb.conf file, or via SWAT by toggling the setting under the service definition from the "SHARES" tab. This will then enable your service. 19. Samba/Squid /usr/bin/ntlm_auth Utility UnixWare 7.1.4 provides both the Samba package /usr/bin/ntlm_auth and the Squid package /usr/bin/ntlm_auth utilities. If configuring Squid for NTLM authentication, we recommend using the Samba package /usr/bin/ntlm_auth utility, and thus Samba should be installed (or reinstalled) after Squid. Note that this will be automatically be the case when using the install.sh default installation. 20. Heimdal Errors on Startup The heimdal package may, at boot, generate error messages on the console and in the system log /var/adm/syslog similar to the following: Apr 29 18:20:38 stb020 kadmind[18794]: bind: /var/heimdal/kdc.conf:0: cannot open file This occurs because heimdal ships in an enabled state by default and is starting without a proper configuration. To fix this problem, either: o configure heimdal properly, or o run the following command to prevent it from starting up: /etc/init.d/kdc disable ------------------------------------------------------------------------ §5: Custom CD Creation Instructions 1. Follow steps 1 to 3 of §2: Installing the Maintenance Pack. 2. Enter: # ./mkiso.sh This will ask you the name of the ISO image file. The default is /uw714mp4.iso. After entering the ISO path name, a menu screen listing the names of the packages that are part of this maintenance pack is displayed. By default all packages are selected. Deselect the packages that you want to exclude from your custom CD. and press "Apply" to continue. Since the menu screen can only display ten packages at a time, pressing "Apply" will show the next list of packages. Pressing "Apply" on the final screen will create the CD ISO image file. Note: The uw714mp4 package cannot be deselected. 3. To burn the ISO image file, insert the CD media in your writable CD drive and enter: # cdrecord -v -dao -speed=16 -fs=10m -dev=device -driveropts=burnfree filename where device is the SCSI target for the CD drive and filename is the name of your custom ISO image file. Use cdrecord -scanbus to get device information. Please refer to the cdrecord(1) manual page for details. ------------------------------------------------------------------------ §6: Removing the Maintenance Pack You can effectively remove the maintenance pack by restoring from the backup that you created prior to installing the maintenance pack; see note 4, Back Up Your System in §1: Before Installing the Maintenance Pack. Alternatively, if a backup is not available or for any other reason, you can use the following procedure to remove the maintenance pack: 1. Log in as root. 2. To remove the Maintenance Pack package: # pkgrm uw714m4 NOTES: o Removal of the uw714mp4 set is not recommended. In particular, the device driver and library packages are not removable. o The IP Filter (ipf) and Open Secure Shell (openssh) packages are functionally dependent on the uw714m4 package. These packages will not work if uw714m4 is removed. o The uccs package cannot be uninstalled due to inherent dependencies. 3. To fully restore your system to its prior state, you then need to remove the MP4 CD packages that are not part of the MP4 set. (See the MP4 CD package table above.) However, you may have other packages installed that depend on these MP4 upgraded packages. So you will have to remove the dependent packages before removing some packages installed by MP4. pkgrm informs you of such dependencies when you try to remove a package. To then reinstall your system configuration to match what it was before installing MP4, reinstall the packages from your original UnixWare 7.1.4 media and the media for the most recent prior MP (MP1, MP2, or MP3), if any, that was installed on your system. 4. As noted in PAM Modules, take extra care when removing packages that include PAM modules as it's possible to end up disabling many (or all) of the ways to log into your system when it's configured to use authentication modules that have just been uninstalled. 5. After all the packages are removed, reboot the system by typing: # shutdown -i6 -g0 -y ------------------------------------------------------------------------ §7: Highlights of this Maintenance Pack The following summarizes the major features and improvements in this Maintenance Pack. They are listed in the order in which the features were introduced in this and previous UnixWare 7.1.4 Maintenance Packs. Also see the §8: Problems Fixed in this Maintenance Pack for the complete list of changes made in this Maintenance Pack. A. §7.1: Maintenance Pack 1 Highlights B. §7.2: Maintenance Pack 2 Highlights C. §7.3: Maintenance Pack 3 Highlights D. §7.4: Maintenance Pack 4 Highlights --------------------------------------------------------------------- §7.1: Maintenance Pack 1 Highlights Encrypting Filesystems Perl Module mod_jk1 for Tomcat Pluggable Authentication Modules (PAM) Samba 3.0 - Multibyte and PAM-enabled Encrypting Filesystems A new encryption feature has been added to the marry(7) driver. Using the marry(1M) command, an empty regular file is associated with a block special device name, and encryption is enabled on the file. A file system is created on the block special device using the mkfs(1M) command, and the block special device is mounted using the mount(1M) command. Once mounted, all data written to the file is encrypted using the 128 bit Advanced Encryption Standard (also known as 128bit AES and the Rijndael block cipher); all data read from the file is decrypted. A simple example follows: 1. In the commands below in this procedure, regfile is the full pathname to the regular file that will contain the encrypted file system. Make sure that regfile does not exist; if it does, rename or delete it before continuing. Create regfile and assign appropriate permissions and ownership, as in this example: # touch regfile # chmod 660 regfile # chown root regfile # chgrp appgrp regfile 2. In the commands below in this procedure, mountpoint is the full pathname of the directory to be used to mount the file system. Make sure that mountpoint is an empty directory; move or delete any data residing there before continuing. If mountpoint does not exist, create it and assign appropriate permissions and ownership, as in this example: # mkdir mountpoint # chown root mountpoint # chgrp appgrp mountpoint # chmod 750 mountpoint 3. Marry a block special device to regfile and enable encryption on the device: # cryptfs=`marry -a -b blksz -c "passphrase" regfile` In the example above, the output of the marry command (which can be quite long depending on the path used for regfile) is assigned to the $cryptfs environment variable; this is done only to simplify typing the commands in the next step. The blksz is the maximum size of the married device, in 512-byte blocks, plus 5 blocks for encryption information. So, if you want a file system with a maximum size of 10000 512-byte blocks, use 10005 for blksz. The passphrase (similar to a password, but longer) is used to generate the keys that encrypt and decrypt the contents of regfile. See the marry(1M) manual page for a full explanation of passphrase. 4. Make and mount the file system: # mkfs -F vxfs $cryptfs blksz-5 # mount $cryptfs mountpoint Note that $cryptfs is the output of the marry command from the previous step. Also note that the block size used in the mkfs command must be 5 blocks less than the blksz used in the previous marry command. Please note that an encrypted file system requires more system overhead than a regular file system; this can have a significant effect on performance, depending on the intended use of the encrypted file system. See the marry(1M) and marry(7) manual pages for more information, including the limitations of this interface. Perl Module mod_jk1 for Apache and Tomcat NOTE: The modjk1 package (version 2.0.4) was introduced in UnixWare 7.1.4 MP1 and provided in UnixWare 7.1.4 MP2 and MP3. UnixWare 7.1.4 MP4 provides the modjk package for the first time. modjk replaces the earlier modjk1, "mod_jk2 for Apache 1," package. The Perl module mod_jk1 is used to connect an Apache Web Server to a Tomcat Java Application Server, to provide Web access to Java Applications. Apache and Tomcat are part of the SCOx Web Enabling and Web Services Substrate software, distributed as part of Release 7.1.4. Information on configuring mod_jk1 can be found on the Apache Jakarta Project server at: http://jakarta.apache.org/tomcat/connectors-doc/jk2/jk/quickhowto.html. Tomcat documentation can be found on the Tomcat website at http://jakarta.apache.org/tomcat, and Apache documentation is available from the default Apache server running on UnixWare on port 80 (http://localhost:80). Pluggable Authentication Modules (PAM) The Pluggable Authentication Modules (PAM) feature allows an administrator to manage the authentication policy used by all applications that support PAM without making any changes to those applications. PAM is implemented through: * changes to the kernel to support PAM modules * standard PAM modules in the PAM libraries, for use in authentication-related code in applications * changes to critical system utilities, such as login, to support PAM * changes to applications, such as Samba, to support PAM Please see the PAM documentation for more information. Samba 3.0 - Multibyte and PAM-enabled The samba package provides an update to the Samba 3.0 distributed with Release 7.1.4. This version is enabled for the Pluggable Authentication Modules (PAM) feature, the Name Service Switch (NSS) feature, and also supports the use of multibyte characters for Asian locales. If you install and enable PAM, you must also install the PAM-enabled Samba 3.0 package, since the version of Samba distributed with Release 7.1.4 (and other previous versions) will no longer work once PAM is enabled. --------------------------------------------------------------------- §7.2: Maintenance Pack 2 Highlights IP Filtering New lsof Command PC Card Wireless Support ATI Radeon ES1000/RN50 Graphics Card Support Updated Drivers New Open Source Packages IP Filtering IP Filter 4.1.3 is an advanced open source filtering package which provides both firewall and network address translation (NAT) services. It is the most common filtering package supported across different implementations of the UNIX System. Documentation for IP Filtering is provided on the UnixWare 7.1.4 Documentation Web Site at http://uw714doc.sco.com/en/NET_tcp/ipfintro.html. New lsof Command The lsof command version 4.73 lists information about currently open files. Executing lsof as root with no options displays a line describing each file that has been opened by every currently running process; this list can be large. lsof supports the following options: lsof [-?abChlnNoOPRstUvV] [+|-c c] [+|-d s] [+|-D D] [+|-f[cfgGn]] [-F [f]] [-g [s]] [-i [i]] [-k k] [+|-L [l]] [-m m] [+|-M] [-o [o]] [-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names] Defaults in parentheses; comma-separate set (s) items; dash-separate ranges. -?|-h list help -a AND selections (OR) -b avoid kernel blocks -c c cmd c, /c/[bix] +c w COMMAND width (9) -C no kernel name cache +d s dir s files -d s select by FD set +D D dir D tree *SLOW?* -D D ?|i|b|r|u[path] -i select IPv[46] files -l list UID numbers -n no host names -N select NFS files -o list file offset -O avoid overhead *RISK -P no port names -R list paRent PID -s list file size -t terse listing -T disable TCP/TPI info -U select Unix socket -v list version info -V verbose search +|-w Warnings (+) -- end option scan +f|-f +filesystem or -file names +|-f[cfgGn] Ct,Fstr,flaGs,Node -F [f] select fields; -F? for help -k k kernel symbols (/stand/unix) +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0) -m m kernel memory (/dev/kmem) +|-M portMap registration (-) -o o o 0t offset digits (8) -p s select by PID set -S [t] t second stat timeout (15) -T fqs TCP/TPI Fl,Q,St (s) info -g [s] select by process group ID set and print process group IDs -i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list] +|-r [t] repeat every t seconds (15); + until no files, - forever -u s exclude(^)|select login|UID set s -x [fl] cross over +d|+D File systems or symbolic Links names select named files or files on named file systems For the current lsof manual page, please see: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man. A FAQ is available at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ. PC Card Wireless Support Laptop PC Card support has been updated to include CardBus Card support. The following NIC drivers have been updated to include PC Card support: d21x, e3E and nat. The following new adapters are now supported, including CardBus NICs and selected PRISM II Wireless PC Card NICs: 3Com EtherLink III 3C589C 0101058906 3Com EtherLink III 3C589D 0101058906 3Com 10Mbps LAN PC Card 3CCE589EC 3Com 10Mbps LAN PC Card 3CXE589DT 3Com 10Mbps LAN PC Card 3CCE589ET 3Com 10/100 LAN PC Card 3C3FE574BT Intel PRO/100 CardBus II MBLA3300 Intel PRO/100 S Mobile Adapter MBLA3300 C3 Intel PRO/100 CardBus II MBLA3400 Linksys Combo PCMCIA EthernetCard EC2T Linksys EtherFast 10/100 PC Card PCMPC100 Linksys EtherFast 10/100 CardBus Card PCMPC200 Linksys Wireless-B Notebook Adapter (802.11b) Netgear 10/100 PCMCIA FA410 Netgear 10/100 PCMCIA Mobile Adapter FA411 Netgear 10/100 CardBus FA510 Netgear 802.11b Wireless PC Card MA401 Socket Communications EA Socket Communications LP-E Also see Maintenance Pack Notes and Limitations, below, if you are installing the Maintenance Pack on a laptop that already has a PC Card or CardBus NIC installed. ATI Radeon ES1000/RN50 Graphics Card Support Support for the ATI Radeon ES1000/RN50 video card has been added to the xdrivers-8.0.2b package. Updated Drivers Please see the description of the updated printer drivers, updated network drivers, and the updated X Drivers provided with Maintenance Pack 2, in Problems Fixed in Maintenance Pack 2 below. New Open Source Packages Please see the package table in §1: Before Installing the Maintenance Pack for a list of the updated and new open source packages provide in MP4. --------------------------------------------------------------------- §7.3: Maintenance Pack 3 Highlights Dual Core Support -- Intel and AMD Enhanced Wireless Support PAM Updated for LDAP Updated Drivers New Open Source Packages Single Certification with OpenServer 6 Dual Core Support -- Intel and AMD Multiple core processors have two or more processor cores in each physical package, continuing the trend started with hyperthreading, but offering enhanced parallelism and improved performance due to additional processor cores. Multiple processor cores are automatically detected and utilized if they are available. However, hyperthreaded processors are not utilized unless the administrator specifically requests their use. No additional CPU licenses are required to use either multiple processor cores or hyperthreaded processors. The use of multiple processor cores can be disabled with the boot parameter "MULTICORE=N" entered at the boot prompt or added to the "/stand/boot" file. Having multiple core support enabled has no effect on systems that do not have multiple core processors. If the use of multiple processor cores is explicitly disabled with the "MULTICORE=N" boot parameter, then the use of hyperthreaded processors is also disabled. Hyperthreaded processor support is still disabled by default. Support for hyperthreaded processors can be enabled with any of the following boot parameters: ENABLE_HT=Y HYPERTHREAD=Y ENABLE_JT=Y Enhanced Wireless Support The Intel Centrino Wireless driver (ipw) has been added, and supports the Intel PRO/Wireless 2200BG built-in laptop network card. PAM Updated for LDAP A new PAM module (pam_ldap) has been added that allows authentication via PAM against an LDAP Server. OpenLDAP includes two new files: /usr/lib/security/pam_ldap.so and /usr/lib/nss/ldap.so. These two files together can be used to provide authentication against an OpenLDAP server. For an explanation of using LDAP and PAM, please see http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/pamnss.html. Updated Drivers Please see the Drivers section for Maintenance Pack 3 in Problems Fixed in Maintenance Pack 3 below. New Open Source Packages Please see the package table in §1: Before Installing the Maintenance Pack for a list of the updated and new open source packages provide in MP4. Single Certification with OpenServer 6 Changes have been made to the kernel and libraries that support running binaries that were created using the SCO OpenServer 6 Development System in "-K udk" mode. --------------------------------------------------------------------- §7.4: Maintenance Pack 4 Highlights AGP Device Driver Bind Cups DST Changes HBA Device Drivers Java 2 Standard Edition (J2SE), 1.3.1, 1.4.2, 5.0 Updates Network Driver Package version 8.0.6f PostgreSQL 8.2.6 Samba Environment Sendmail Apache Tomcat mod_jk Module USB Enhancements smbldap-tools MPlayer AGP Device Driver UnixWare 7.1.4 MP4 adds an Accelerated Graphics Port (AGP) driver for faster access to the graphics controller. It uses a Graphics Address Remapping Table (GART) to map discontiguous host memory into a physically contiguous view for DMA transfer to video memory. It is primarily used for running the X11 server on the Intel i81x and AMD 7x1 class of controllers. Bind UnixWare 7.1.4 MP4 includes an upgrade to bind version 9.4.2. Among other features and fixes, this includes the security fix (CVE-2007-2930, VU#927905) related to weak DNS query IDs, which could allow remote attackers to poison the DNS caches. Cups CUPS provides an alternative printing subsystem (and server) for UnixWare 7.1.4, using Internet Printing Protocol ("IPP") as the basis for managing print jobs and queues, and adding network printer browsing and PostScript Printer Description ("PPD") based printing options. UnixWare 7.1.4 Maintenance Pack 4 includes CUPS version 1.3.3. Among the CUPS features added in this update are the following: * CUPS now automatically detects whether a client is connecting with SSL encryption, so CUPS can support unencrypted, SSL encryption, or TLS encryption on a single port. * The server default printers are now advertised by default, to help clients choose the correct default network printer. * The default configuration will show shared printers from any address (not just @LOCAL). * The list of available printers is now only shown when requested, and an Add This Printer button allows you to change the default name, location, and description. * Now raw printers and classes can be configured using the Set Printer Options button. For a full list of updated features please see the documentation available at or below http://www.cups.org/documentation.php. DST Changes The timezone rules were updated to reflect all known changes through the end of March 2008, which includes the recent changes to Australia's and New Zealand's rules. HBA Device Drivers Updated aacraid, adp94xx, ahci, ide, mega, megasas, and mpt device drivers are included on the UnixWare 7.1.4 MP4 CD. These are the same updated device drivers that are also provided on the OpenServer 6.0.0 MP3 CD. The HBA Packages section of the table under §1: Before Installing the Maintenance Pack lists the version numbers of the HBA drivers. To upgrade any of the above device drivers on your already installed UnixWare 7.1.4 or OpenServer 6.0.0 system, mount the UnixWare 7.1.4 MP4 CD and run pkgadd -d . README files for the MP4 device driver can be found on the MP4 CD in the /info/drivers directory. Java 2 Standard Edition (J2SE), 1.3.1, 1.4.2, 5.0 Updates Synchronized J2SE Updates - Security Fixes Following Sun's recent announcement of a synchronized release of the Java 2 Standard Editions on all supported versions of J2SE to address numerous reported security issues, SCO is releasing the same updates for the following J2SE versions supported on UnixWare 7.1.4: J2SE 1.3.1_22 J2SE 1.4.2_17 J2SE 5.0, update 15 For a complete list of security issues resolved in each J2SE version, check the Release Notes for that version in the: * ReleaseNotes.html(.txt) of the corresponding version directory of the info/java directory of the MP4 CD or uw714mp4.iso, once mounted * ReleaseNotes.html(.txt) for each version, once installed, in /opt/java2-1.x.x Because these updates resolve numerous security issues, it is strongly recommended that all J2SE versions on your system be updated. The recommended MP4 update script, install.sh, will automatically select the updates for each version of J2SE on your UnixWare 7.1.4 system. If making a customized MP4 CD with the mkiso.sh script, updates are automatically selected. These J2SE updates are the same J2SE updates recently posted on the SCO support web-site. If you have previously downloaded and installed any of these J2SE updates, the MP4 installation process will not select those packages for reinstallation. Multiple Java 2 SE Releases on UnixWare 7.1.4 Multiple major versions of J2SE can co-exist on your SCO UNIX platform. The installation is to a version specific directory in /opt. J2SE 1.3.1 ==> /opt/java2-1.3.1 J2SE 1.4.2 ==> /opt/java2-1.4.2 J2SE 5.0 ==> /opt/java2-1.5.0 Updates to each major version of J2SE install in the same base directory. Prior to the synchronized release of J2SE 1.3.1_22, 1.4.2_17 and 5.0 update 15, the installation of the JRE piece for each of these major point releases would automatically symbolicly link /usr/java and /usr/java2 to point to the "newly" installed JRE directory. Starting with these synchronized J2SE releases, the symbolic links will only be updated if the JRE being installed is a later J2SE version than the current symbolic links. For example, if prior to installation of J2SE 1.4.2_17, the symbolic links were: /usr/java ==> /opt/java2-1.3.1 /usr/java2 ==> /opt/java2-1.5.0 Following the installation of J2SE 1.4.2_17, the links would be: /usr/java ==> /opt/java2-1.4.2 /usr/java2 ==> /opt/java2-1.5.0 Removal of the J2SE 1.4.7_17 will attempt to restore the pre-installation links, if and only if an executable /opt/java2-1.3.1/bin/java still exists on the system. System administrators can and should readjust these symbolic links as needed by their specific system and software requirements. Other software released by SCO for your SCO UNIX platform, as well as third party applications that use Java, may require a specifc J2SE major version. That software may either reference the J2SE of interest through: * an environment variable such as JAVA_HOME that points to /usr/java or directly to the installation directory /opt/java2-1.x.x * an absolute command path, either /usr/java/bin/command or /opt/java2-1.x.x/bin/command Caution: Before removing earlier/other major versions of J2SE on your system, be certain that other installed software does not require that version. For example, the Apache-Tomcat product released on UnixWare 7.1.4 and OpenServer 6.0.0 have been configured, tested and certified with J2SE 1.4.2. Removal of that JRE will result in Tomcat failing to start. Network Driver Package version 8.0.6f MP4 updates the Network Driver Package (nd) to version 8.0.6f. A README file for the package is on the MP CD in the /info/drivers directory. This file provides more information about the nd package, including the list of supported network cards, as well as what is new in this package from the previous version. PostgreSQL 8.2.6 PostgreSQL 8.2.6 is included on the UnixWare 7.1.4 MP4 CD. This release of the PostgreSQL Database Server includes many performance and security enhancements. A complete list of changes can be found at http://www.postgresql.org/docs/8.2/static/release-8.2.html . Systems running a prior release of PostgreSQL are encouraged to upgrade to take advantage of these features. However, due to internal database format changes made by the PostgreSQL developers to provide these features, a dump of any existing databases you wish to preserved must be performed prior to installing this upgrade. Details on this process are provided here in these release notes. Samba Environment SCO provided the UnixWare 7.1.4 MP3 Samba Supplement after UnixWare 7.1.4 MP3 shipped . The Samba supplement provided a collection of UnixWare packages to enable a greatly enhanced and more robust Samba environment than previously offered in any SCO product. This functionality is provided by MP4 if you install the packages that make up the Samba Supplement. In particular, select the samba and perlmods packages when running install.sh. install.sh will notify you if you need to install any other prerequisite packages. In addition to the enhanced Samba functionality provided by the UnixWare 7.1.4 Maintenance Pack 3 Samba Supplement, Cups support is integrated with Samba in MP4. Samba is a standardized technology used to support Microsoft file and print sharing on UnixWare and many other platforms. In addition to enabling Windows/UNIX(R) resource sharing, Samba provides consistent user administration and administration throughout your networked environment, making use of PAM and NSS as appropriate. For more information about Samba capabilities, configuration options, and general usage, please review the following materials from the Samba Team: 1. The Official Samba-3 HOWTO and Reference Guide: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection. 2. Samba-3 By Example: http://us1.samba.org/samba/docs/man/Samba-Guide. Additionally, the /info/samba directory of the MP4 CD provides the following procedures for configuring your UnixWare Samba server: 1. HOWTO: Join a UnixWare 7.1.4mp3 Samba system to an NT4 style Domain /info/samba/DOMAIN_JOIN/Domain_Join_HOWTO.html. 2. HOWTO: Samba Primary Domain Controller on SCO UnixWare 7.1.4 /info/samba/PDC/PDC_HOWTO.html. Complete example configuration files for each HOWTO are included in their respective directories. Sendmail UnixWare 7.1.4 MP4 includes Sendmail 8, version 8.13.8. The sendmail mail transfer agent (MTA) handles the transport of messages to and from your system and supports local, networked (SMTP), and dial-out (UUCP) mail delivery. This server also supports multi-homing, which means that it can function as a mail gateway to other servers on the network. During the sendmail upgrade, any "smarter host" setting currently configured for sendmail will be preserved and included in the new configuration, but any additional nondefault configuration settings (generally rare) will need to be redone by hand using /etc/mail/manage_sendmail. The old /etc/sendmail.cf configuration file is renamed /etc/sendmail.cf.save and can be checked for previous settings. An /etc/sendmail.cf symlink points to the new /etc/mail/sendmail.cf configuration file used by the updated sendmail. If you had made sendmail configuration setting changes (other than "smarter host") through "scoadmin mail", you should note these settings before updating to the new sendmail. Once updated, "scoadmin mail" invokes /etc/mail/manage_sendmail, not the old interface. Administrators who used (or plan to use) more advanced sendmail configuration options should read the documentation available under http://www.sendmail.org/doc. Apache Tomcat mod_jk Module UnixWare 7.1.4 MP4 provides a new product, Apache Tomcat mod_jk Module (mod_jk). This replaces the mod_jk2 functionality that was previously part of the Apache Tomcat Servlet Container (tomcat) product. The prior mod_jk2 implementation is deprecated and interferes with other Java web server applications such as the SCO Mobility Server. USB Enhancements UnixWare 7.1.4 MP4 provides updated UDI and USB subsystems. This includes the enhancements provided by the earlier UnixWare 7.1.4 MP3 USB Supplement (original release) plus the additional bug fixes provided by version A of the UnixWare 7.1.4 MP3 USB Supplement. The UnixWare 7.1.4 MP3 USB Supplement provided an enhanced USB driver that added support for both USB modems and serial adapters. The device driver adds support for USB modems that conform to the CDC/ACM specification. Written to the Uniform Driver Interface (UDI) specification, the new driver includes a number of fixes that improve performance and device support. Among the USB devices supported by that supplement and MP4 are: All SeaLevel single and multiport devices Allied Data Tornado SFM56.0-USB Modems BAFO Technologies BF-800 and BF-810 Single port adapters Byterunner Technologies USB Communications Adapters. Cables Unlimited USB to RS232 Serial Adapter Comtrol RocketPortII USB Serial Hubs CP-US-03 USB Serial Adapters Modems supporting the "Abstract Control Model" Communications Subclass Interface type. MultiTech MultiModemUSB Modems Serial Adapters that use the FT8U232AM Chipset (**) Serial Adapters that use the PL-2303 Chipset (**) VScom USB Serial Adapters Zoom/Faxmodem 56K USB Modems (*) (*) Zoom has intermittent start-up failures due to firmware problems. (**) If a vendor changed the product ID in PL-2303 and FT8U232 then the device may not work with this release. UnixWare 7.1.4 MP4 also provides these additional bug fixes that were not in the original UnixWare 7.1.4 Maintenance Pack 3 USB supplement but were in the updated version A of that supplement: * fz534075:1, Recognize Iomega REV changer by not caching INQ across LUNS * fz534090:1, Improve EHCI performance by raising maximum interrupt rate. Notes on USB Serial and Modem Device Names follow: After installing MP4, once your system is rebooted any supported USB Serial and USB Modem devices connected to the system will be automatically recognized and device nodes for these devices will be created. You can use the command usbprobe to verify that your USB Serial Adapter/Modem has been detected by UnixWare 7.1.4. To list the serial ports of the USB devices that are recognized by your system run the command: l /dev/usb_ser* This will return output similar to: crw-rw-rw- 1 root root 295,108 Oct 24 10:05 /dev/usb_ser0A crw-rw-rw- 1 root root 295,107 Oct 24 10:05 /dev/usb_ser0a crw-rw-rw- 1 root root 295,106 Oct 24 10:05 /dev/usb_ser0h crw-rw-rw- 1 root root 295,105 Oct 24 10:05 /dev/usb_ser0s /dev/usb_ser: total 0 crw-rw-rw- 1 root root 295,108 Oct 24 10:05 tty.03001-3.A crw-rw-rw- 1 root root 295,107 Oct 24 10:05 tty.03001-3.a crw-rw-rw- 1 root root 295,106 Oct 24 10:05 tty.03001-3.h crw-rw-rw- 1 root root 295,105 Oct 24 10:05 tty.03001-3.s where /dev/usb_ser0A is the modem control device /dev/usb_ser0a is the non modem control device /dev/usb_ser0h is the Hardware flow control device /dev/usr_ser0s is the Software flow control device and /dev/usb_ser/tty.03001.3.A /dev/usb_ser/tty.03001.3.a /dev/usb_ser/tty.03001.3.h /dev/usb_ser/tty.03001.3.s are USB Serial Device names for the serial ports where the first five digit number is the location of the host controller interface (HCI) to which the serial port/modem is connected. It's five digits represent the PCI bus number (two digits), the PCI device number (two digits), and the PCI function number (the final digit). For example: /dev/usb_ser/tty.03001.3.A The above device name indicates that the HCI is located at PCI bus number 03, PCI device 00, PCI function 1. Note that this number is completely determined by the hardware vendor's PCI configuration. The remainder of the device name after the second period is a sequence of from one to six decimal numbers, each of which can be from one to three digits. The final number, which is required, indicates the port number on the device to which the serial port/modem is physically connected. Up to five hubs can be connected between the serial port/modem and the PC USB port, and the ports to which these devices are connected are indicated by the five optional three digit numbers in the device name, separated by periods. In the example above, the serial port is connected to PC USB Port 3. A device name like /dev/usb_ser/tty.00072.1.4.2 indicates the following device configuration: PC USB Port 1 --- | Hub#1 Port 1 PC USB Port 2 | Hub#1 Port 2 | Hub#1 Port 3 | Hub#1 Port 4 --- | Hub#2 Port 1 ... | Hub#2 Port 2 --- USB Serial Port Configuring USB Modem Devices: The SCOadmin Serial Manager and SCOadmin Modem Manager do not currently support the configuration of USB Serial and Modem devices. You can however manually configure your USB Modem as follows: 1. As root, run the SCOadmin Modem Manager using: scoadmin modem and choose: Modem -> Add -> Manual Configuration... 2. Select the Modem Vendor: and then the Modem Model: of your USB Modem from the list that is presented. 3. Accept the default Modem Port: (usually term/00m) and choose OK to configure the modem on /dev/term/00m. Now choose: Host -> Exit to exit from the SCOadmin Modem Manager. 4. Edit, using your favorite editor, the file /etc/uucp/Devices and change the lines that begin: Direct term/00m,M - .... ACU term/00m,M - ..... to: Direct usb_ser0A,M - ..... ACU usb_ser0A,M - ...... For example if the original lines read: Direct term/00m,M - 57600 direct ACU term/00m,M - 57600 MultiTech_MT5634MU replace them with: Direct usb_ser0A,M - 57600 direct ACU usb_ser0A,M - 57600 MultiTech_MT5634MU 5. If you are going to use the Modem for Dial-In then you will also need to add a ttymon service on the Serial Port of the Modem. To do this use your favorite editor to add the line: usb_ser0A:u::reserved:reserved:login:/dev/usb_ser0A:bohr:0:auto:60:auto:ldterm,ttcompat:login\::::::# to the file /etc/saf/ttymon1_pmtab. 6. You can then enable a login on the serial line of the Modem using: pmadm -e -p ttymon1 -s usb_ser0A For testing purposes you may want to disable the login using: pmadm -d -p ttymon1 -s usb_ser0A 7. Once configured, you can verify access to the modem using the cu(1bnu) command as follows: cu -l usb_ser0A If successful you will see the message Connected and the modem should respond to "at" commands. 8. To disconnect from the modem type: ~. and this will return you to the Unix shell prompt. smbldap-tools This release includes version 0.9.2 of smbldap-tools. This set of Perl based utilities allows Samba to manipulate an LDAP database on the fly. This functionality is necessary for adding domain users, machine accounts, and performing other such administrative tasks. Please refer to the PDC HOWTO file in the /info/samba/PDC directory of the MP CD or the examples in the /etc/smbldap-tools/examples directory (of an installed MP4 system) for proper usage. MPlayer The UnixWare 7.1.4 Maintenance Pack 4 CD includes the mplayer package that was previously provided in the UnixWare 7.1.4 MPlayer Supplement. This package provides MPlayer, a movie and animation player that supports a wide range of codecs and file formats including AVI, MPEG, QuickTime, FLC/FLI, and WMV. NOTE: This version does not support the playing of DVDs. MPlayer uses the OSS sound APIs. To enable sound support, install the 4Front oss package which is available from http://www.sco.com/support/update/download/release.php?rid=284. Additional information on MPlayer can be found in the documentation included in the mplayer package and at http://www.mplayerhq.hu/design7/info.html. ------------------------------------------------------------------------ §8: Problems Fixed in this Maintenance Pack A. Problems Fixed in Maintenance Pack 1 B. Problems Fixed in Maintenance Pack 2 C. Problems Fixed in Maintenance Pack 3 D. Problems Fixed in Maintenance Pack 4 --------------------------------------------------------------------- §8.1: Problems Fixed in Maintenance Pack 1: The UnixWare 7.1.4 Maintenance Pack 1 set (uw714mp1) contains the following fixes. These fixes are also included in UnixWare 7.1.4 Maintenance Pack 4 set (uw714mp4). o uw714m1 package fixes: Feature and usability enhancements: 1. The following UnixWare 7.1.4 functionality is now provided: o Pluggable authentication modules (PAM) support o Encrypted file system support These features are described in the online documentation that is provided with the uw7mpdoc package that accompanies this maintenance pack. See the "New Features and Notes" section of the online documentation. fz528611 fz529097 2. Intel microcode updates. erg712621/ptf9050/fz529619 3. kcrash macros updates. fz529663 4. Additional source files for DBA usage with MySQL provided with the SCOx enablement package. Modified Makefile, eelsdba_mysql.c, initdb.mysql and README are provided for use with latest MySQL package. fz529851 5. Enabled large file support in compress. fz529876 Security improvements: 6. SECURITY: Some files and directories were created incorrectly allowing write permission to arbitrary users. Some system daemons were running with a file creation mask (umask) set to 0. fz528862 7. SECURITY: Security vulnerability issues in TCP are fixed according to this IETF draft: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt erg712598/fz529384 8. SECURITY: Two new inconfig tunables have been introduced to address the TCP Rose Attack: o ip_maxfragpackets: This is the maximum number of fragmented packets that IP will accept. The default is 800. o ip_maxfragsperpacket: This is the maximum number of fragments per packet that IP will accept. The default is 16. erg712605/fz529414 SCOSA-2005.14 Reliability improvements: 9. Fixed kernel panic on errant umem_free() in [g|s]etgroups_sco. fz528775 10. Fixed a memory corruption bug caused by not stopping netbios when the system was brought to init state 1. ptf9050b/fz529565 11. Fixed process hangs due to race between exiting children and SIGCLD processing in the parent. erg712596/fz529361 Networking improvements: 12. Changed use of types u_[short,int,long] to u[short,int,long]_t in since the former are not always defined. fz529581 13. The SHUT_RD, SHUT_WR, and SHUT_RDRW macros in are defined only when at least one XOPEN-ish feature test macro is defined. This is counter to our "everything visible by default" model for headers. The TOG SUS says that SHUT_* macros can be defined in general, so there's no reason not to define these with no conditional inclusion coverage. fz529698 14. Under some circumstances, ppp could go into an infinite loop of read calls in the libnsl ics_read_data() routine. erg712620/fz529611 Installation tools improvements: 15. By the time pkgadd executes the preinstall script of a package, it has already updated the contents file with the information from the package's pkgmap file. Hence if the preinstall script is terminated for some reason, the contents file is left in a bad state - the files are not installed on the system but they are present in the contents file. This has been fixed so that the contents file is not updated until the files are installed. fz519105 16. Fixed a problem where pkginstall, pkgremove and installf can destroy the software contents file if it is already locked by another process. fz198541 Licensing improvements: 17. The license policy daemon ignores custom licenses from earlier releases. For example, if your system license had previously included extra users, not separately licensed but included in your original, those users would be ignored. This has been fixed. ptf9050a/fz529560 o Runtime C Library (libc) version 8.0.2a fixes: 18. Bad parsing of some special strings in string-to-floating code. fz529765 o Runtime Thread Library (libthread) version 8.0.2a fixes: 19. Oracle may hang while starting by going into an infinite loop in libthread's thr_keycreate(). erg712658/fz529884 Additional bug fixes and enhancements were provided with the supplemental packages that were distributed with UnixWare 7.1.4 Maintenance Pack 1. These fixes are also included in the supplemental packages provided with UnixWare 7.1.4 Maintenance Pack 4. o Documentation: 1. The Updated Base System Guides (uw7mpdoc) package, version 7.1.4a, provides documentation for the PAM, encrypted file system, modjk1, and Samba features delivered with uw714mp1 and its supplemental packages. o PAM: 2. The following supplemental packages have been updated to enable support for PAM. They can only be installed if the pam package (contained in uw714mp4 set) is installed: cups - Common Unix Printing System, version 1.1.19-02 openssh - Open Secure Shell, version 3.8.1p1 samba - SMB based file/printer sharing, version 3.0.4 xcontrib - X11R6 Contributed X Clients, version 8.0.2a o The Foomatic Filters and PPDs (foomatic) package, version 3.0.0-02, and the HP Inkjet Printer Driver (hpijs) package, version 1.5-01, contain this fix: 3. Fixed obscure corruption of a few data files. fz529615 o The Netdriver Infrastructure and Configuration Subsystem (nics) package, version 8.0.2a, contains this fix: 4. A time delay of 1 sec in dlpiclose() was causing some applications, e.g. getmany (accessing mib-2 table) to consume large amounts of CPU time. This time delay ensured that all in-transit packets were processed before closing the SAP. This delay is removed and the code reworked to use message based synchronization during closedown. dlpiclose() now constructs a M_CTL packet containing a message of type dl_ctlmsg_t. This message contains DLPI primitive set as DL_CLOSESAP and a pointer to the SAP structure. This message is queued at the DLPI lower read queue so that dlpilrsrv will handle it. It then goes to sleep. When dlpilrsrv receives this message, it is assured that all messages before it have been sent upstream, i.e., there are no in-transit packets. dlpilrsrv signals dlpiclose to close the SAP. erg712282/fz526486 o The Open Secure Shell (openssh) package, version 3.8.1p1, contains these fixes: 5. OpenSSH has been updated from version 3.7.1p2 to 3.8.1p1 and support for PAM has been enabled. Please see the openssh website for the list of changes. http://www.openssh.com/ fz528611 6. SECURITY: OpenSSH only gives significance to the first 8 characters of a password. erg712648/fz529827 SCOSA-2005.19 o The OpenSSL - Secure Sockets Layer / TLS Cryptography Toolkit (openssl) package, version 0.9.7d, contains this fix: 7. SECURITY: OpenSSL has been updated from version 0.9.7c to 0.9.7d to fix several security issues with the earlier version. Please see the openssl website for the list of changes. http://www.openssl.org/ erg712602/fz529411 SCOS-2005.7 o The OpenSSL Documentation (openssld) package, version 0.9.7d, provides the updated documentation for the openssl package version 0.9.7d. o The SMB based file/printer sharing (samba) package, version 3.0.4, contains these fixes: 8. Samba has been updated from version 3.0.0 to 3.0.4 to enable PAM and to provide multibyte support. Please see the samba website for the list of changes. http://www.samba.org/samba/ fz529665 9. Swat server status page shows smbd "not running" even when it is. fz528969 o The OUDK Optimizing C Compilation System (uccs) package, version 8.0.2a, contains these fixes: 10. With the introduction of NSS, SCO has changed some existing APIs and added some new APIs to support NSS. Customers building binaries that use these APIs will find that their compile will fail with undefined symbol references similar to the following: Undefined first referenced symbol in file getspnam_r libperl.so getpwent_r libperl.so getgrent_r libperl.so Note: This problem is only seen in systems upgraded from earlier UnixWare releases to UnixWare 7.1.4. 11. C compiler bug fixed. In -Xt mode, the compiler may incorrectly attempt to combine two typedef's that are not numeric types. erg712635/fz529721 12. Make command bug fixed. $(XD:str=rep) broken, where X is any of the @*<%? special characters. erg712665/fz529930 o The X11R6 X Server (xserver) package, version 8.0.2a, contains this fix: 13. SECURITY: Some files and directories were created incorrectly allowing write permission to arbitrary users. Some system daemons were running with a file creation mask (umask) set to 0. fz528862 o The Additional Modules for Perl (modjk1) package, version 2.0.4, contains this fix: 14. Provides the modjk connector for Apache 1 and Tomcat. Apache 2 users do not need this package. Notes: o This package is not installed by default. o This package will not conflict with modjk for Apache 2 & Tomcat as the library is installed in a different location. fz529629 --------------------------------------------------------------------- §8.2: Problems Fixed in Maintenance Pack 2: The UnixWare 7.1.4 Maintenance Pack 2 set (uw714mp2) contains the following fixes. These fixes are also included in UnixWare 7.1.4 Maintenance Pack 4 set (uw714mp4). o uw714m2 package fixes: Feature and usability enhancements: 1. Updated Laptop PC Card support to include CardBus support. fz529602 2. Updated /sbin/p6update to support new Intel Prescott and Nacona processors. Includes additional microcode updates. fz530177 3. Enhanced /etc/hw command to decode Pentium 4 cache size information and system memory sizes in excess of 4Gb. fz525623 fz528909 4. Added lsof command version 4.73. Lsof is a UNIX-specific tool. Its name stands for LiSt Open Files, and it does just that. It lists information about files that are open by the processes running on a UNIX system. The lsof provided is compiled with the following flags: -DINKERNEL -Kthread -Kalloca -O2 See the complete copyright notice at the end of this file. fz530110 5. Increased the number of users from 1 to 2 for the default Business Edition license. fz530379 6. Added the Japanese Gaigi character definitions to Japanese locales. erg712726/fz530392 7. For X11R6 applications, allow the NumLock key to be used with Motif accelerator and mnemonic keys for pulldown menus. To enable this feature, set the environment variable "XMNUMLOCK=ALL" for the process. erg712703/fz530229 Security improvements: 8. SECURITY: A new file system tunable, CHROOT_SECURITY is provided to protect against a known exploit for escaping from a chroot prison. The new tunable is described in /etc/conf/dtune.d/fs and defined in /etc/conf/mtune.d/fs. Protection is provided by the default value of 1 but traditional behavior may be obtained by setting CHROOT_SECURITY to 0, and rebooting the system. erg712509/fz528555 SCOSA-2005.2 9. SECURITY: ICMP error messages are discarded for TCP connections if TCP sequence number in ICMP payroll is not in the range of the data already send but not yet acknowledged. erg712758/fz530661 10. SECURITY: Fixed the Common Desktop Environment dtlogin XDMCP Parser Remote Double Free vulnerability. erg712592/fz529303 SCOSA-2005.18 11. SECURITY: Fixed the following Denial of Service vulnerability. When the NFS mountd service is run by inetd and an NFS mount related request is received from a remote (or local) host, inetd will repeatedly create the mountd process and as a result increasingly consume memory. This problem also exists for the following inetd services: ypupdated, rusersd, sprayd, and walld. To fix this, the mountd service is updated from a "dgram" service to a "tli" service. The socket_type (in /etc/inet.d/inetd.conf) is also changed from "dgram" to "tli" for the following inetd services: mountd, ypupdated, rusersd, sprayd, and walld. erg712731/fz530479 SCOSA-2005.1 12. SECURITY: An upgrade to the KAME implementation of internet key exchange (IKE) daemon implementation which includes several security fixes. erg712650/fz529836 SCOSA-2005.10 Reliability improvements: 13. Fixed kernel panic caused by Merge trying to save FPU state when FPU hasn't been used. fz529860 14. Fixed various bugs in fork that in turn could lead to kernel panics in priocntl. The fixes had to do with ensuring that per-lwp properties were inherited consistently across a fork. fz529463 15. Fixed kernel panic that can sometimes occur due to race condition between fdetach of a named pipe and the last close on the pipe's file descriptors. erg711929/fz519727 16. Fixed kernel panic and kernel memory corruptions caused by an erroneous pointer left in a STREAMS lower multiplexor queue structure during execution of an I_LINK or I_PLINK ioctl. erg712470/fz528449 17. Fixed deadlock that can occur if an NMI occurs on one CPU at the same time that another CPU takes a clock interrupt and attempts to recalibrate the clock. erg712722/fz530382 Networking improvements: 18. Fixed bugs in the scoadmin dhcp and address allocation managers that cause tcl failures and hangs. fz526860 fz528398 fz528404 fz528650 fz529146 fz529522 19. For /dev/tcp, /dev/udp and other related device nodes, permission is given to root to change access and modification times, and to change mode, uid and gid if they are different from the current ones. erg712672/fz528399 20. Fixed IP packet filtering. erg712619/fz529605 21. Fixed race between tcp input processing and tcp close processing. erg712585/fz529161 22. The netstat -I command displays output incorrectly, if the machine gets a lot of packets in a particular interval. erg712663/fz529916 23. System gets many "Out of stream" messages in osmlog and kernel panics afterwards. erg712707/fz530251 24. SNMP time ticks are being interpreted as signed 32-bit integers instead of unsigned 32-bit integers erg712732/fz530366 25. An errant assumption about the maximum size of tcp/ip header including the MAC header and the STREAM headers would not exceed 256 bytes caused the system to write past the allocated space. The allocation optimization now properly accounts for the MAC header if it does not exceed the 256 byte KMA pool size. fz530654 26. There was a namespace conflict within the definition of inet_ntoa. The kernel version is renamed to inet_ntoa_r. This helps to ease porting of open source applications to UnixWare. fz529706 27. Changes to ip_var.h to allow porting of open source applications without requiring the inclusion of some UnixWare-specific headers. fz529708 28. Moved _tcpconn and tcp_dbg_hdr data structures and associated defines from tcp.h to tcp_var.h to allow porting of open source applications without requiring the inclusion of some UnixWare-specific headers. fz530909 USB improvements: 29. Certain USB keyboards exhibit a jitter that is usually seen as the repetition of a previous character. erg712294/fz527741 30. Fixed a potential problem with newer EHCI USB controllers that are controlled by the system BIOS. The visible symptom is that devices attached to the EHCI ports of certain systems won't work. fz530306 31. Low and full speed USB devices attached directly (i.e. not via a USB 2.0 hub) to an EHCI controller will get a message logged to the console 'Device reset timeout during enumeration!' when they are discovered. The message is benign; the devices work as expected. This fix eliminates the cause of the distracting message. fz530377 32. Fixed bug in UDI bridge mapper that caused shared PCI interrupts to remain un-acknowledged during USB host controller initialization leading to system hangs. erg712677/fz530090 erg712699/fz530174 33. Attempting to autoconfigure a USB mouse via the mouseadmin command did not work properly, and the mouse test would always fail. This problem would only be encountered by those adding or switching to a USB mouse, post ISL, and attempting to autoconfigure it through mouseadmin. fz530587 Motif library and X improvements:: 34. Fixed a bug where the change of background of the Motif Scale widget with XtSetValues has no effect if the widget was not realized yet. erg712682/fz530146 35. Fixed the XmATTACH_OPPOSITE_FORM attachment in the children of a Form widget using the incorrect sign of the value, which causes the form to resize itself to become smaller and smaller. erg712697/fz530166 36. Fixed the display of the Japanese messages in programs based on the Athena widgets. Note: Portions of this fix are contained in the xserver, xclients, and xcontrib packages. These packages must be installed or the commands will stop working in Japanese! erg712661/fz529890 Misc improvements: 37. Changes to acpi and mps drivers to recognize pci devices that were previously not found. Includes an upgrade to the latest version of the acpi driver. fz530205 erg712706/fz530250 38. Online and offline of processors may work incorrectly on systems where the processors report more than one logical processor per physical package when hyperthreading is disabled in the system BIOS. fz530165 39. Fixed problems caused by the Intel ICH3-S chipset occasionally returning bad real-time clock values. Symptom was that some platforms may hang on boot with warning messages from psm_time_spin_adjust. erg712593/fz529317 40. Various "off by one" errors fixed in the interval timer code. erg712667/fz529962 41. Disksetup's default blocksize does not work with large VxFS file systems. erg712615/fz529483 42. Fixed the reserve bitmap buffer setup to wrong channel/snode during VxFS snapshot creation, which caused snapshots to be disabled due to read i/o failures on good drives. erg712644/fz529774 43. init failing to change runlevels. There was a race condition in the waitproc function in the init code that has been fixed. erg712313/fz527890 44. System hangs on boot - idmknodd last process run. There was a race condition in the waitproc function in the init code that has been fixed. erg712607/fz529426 45. Fields incorrectly labeled in rtpm utility in Japanese locale. fz530091 46. The auditrpt -f command is causing segmentation faults on some audit report data files. erg712760/fz530410 47. The ap command is causing segmentation fault. Note: Portion of this fix is in the libc package. erg712675/fz530046 48. The creatiadb command is not working. erg712678/fz530093 49. The ps command will now report NI values as set by nice(2), rather than always displaying a 0 in that output column. This is only a compatibility measure and does not imply that the value set by nice(2) will affect scheduling behavior. fz530118 50. Printer manager GUI hangs while adding local printers on a freshly installed system. fz530092 51. C++ template instantiation fails when object file has non-.o suffix To fix this, .ti and .ii suffixes now append to, rather than replace, non-.o object suffixes. fz530247 52. A function call argument that is an expression with "side effects", cannot be used directly more than once when doing function inlining. A C++ "? :" expression, in which the third operand (conditionally evaluated) created a short-lived temp class object, was incorrectly replicated when replacing a multiply-referenced parameter in an inlined function. fz530178 53. For NIS systems, correct lookup-by-GID failure. Note: Portion of this fix is in the libc package. fz530952 54. We now have libcrypto.so from openssl package also and it defines _des_crypt() which is also defined by libcrypt.so. Updated libcrypt.so to use its own definition so that things remain sane. fz530438 55. Updated the /usr/lib/apache/conf/httpd.conf file if apache-1.3.29 and php-4.3.5 are installed, or the /opt/apache2/conf/conf.d/php4.conf file if apache2-2.0.49 and php4-4.3.5 are installed, with: AddType application/x-httpd-php .php .php3 .inc .phtml AddType application/x-httpd-php-source .phps In future, installation of php or php4 should update these files. fz529730 56. Fixed Tomcat 4.1.30 start script to implement a nohup. In future, this will be fixed in the tomcat package. fz530103 57. Fixed the Perl 5.8.3 configuration files to remove build pathnames. In future, this will be fixed in the perl package. fz530344 58. Fixed a syntax error in Mozilla start script. In future, this will be fixed in the mozilla package. fz530539 o Runtime C Library (libc) version 8.0.2b fixes: Note: All fixes in the libc package are also included in the uccs package. 59. Fixed a memory leak in tzset(). erg712729/fz530421 60. 61The ap command is causing segmentation fault. erg712675/fz530046 61. PAM enabled services do not update syslog correctly. fz530185 fz529908 62. For NIS systems, correct lookup-by-GID failure. fz530952 Additional bug fixes and enhancements are provided with the following packages that are distributed with UnixWare 7.1.4 Maintenance Pack 2. These fixes are also included in the supplemental packages provided with UnixWare 7.1.4 Maintenance Pack 4. o The Common Unix Printing System (cups) package, version 1.1.19-03: 1. SECURITY: Fixed a Denial of Service vulnerability. It was possible to disable browsing in CUPS by sending an empty UDP datagram to port 631 where cupsd is running. erg712688/fz530153 SCOSA-2004.15 , o The Foomatic Filters and PPDs (foomatic) package, version 3.0.2: 2. SECURITY: Foomatic has been updated from version 3.0.0-02 to 3.0.2 to fix a security problem. Please see the foomatic website for the list of changes. http://www.linuxprinting.org/foomatic.html erg712704/fz530505 SCOSA-2005.12 o The HP Inkjet Printer Driver (hpijs) package, version 1.5-02: 3. Updated and new PPD files for non-HP printers from the foomatic-3.0.2 distribution. erg712704/fz530505 o The Lightweight Directory Access Protocol services (ldap) package, version 8.0.1a: 4. LDAP fails to start with the following error message: dynamic linker: /usr/lib/ldap/slapd: relocation error symbol not found: ldapdebug_level referenced from /usr/lib/ldap/slapd erg712679/fz527615 o The Runtime OpenServer library (libosr) package, version 8.0.2a: 5. This version contains an updated libc.so.1 and three new libraries: libm.so.1, libcurses.so.1, and libsocket.so.2. fz529055 o The PNG (Portable Network Graphics) Library (libpng) package, version 1.2.7: 6. SECURITY: Libpng has been updated from version 1.2.5 to 1.2.7 to fix several security problems. Please see the libpng website for the list of changes. http://www.libpng.org/pub/png/libpng.html erg712684/fz530149 SCOSA-2004.16 o The Network Drivers (nd) package, version 8.0.2b: 7. Updated Intel PRO/100 (eeE8) Network Driver to version 2.9.1. fz530765 8. Updated Intel PRO/1000 (e1008g) Network Driver to version 7.4.9. fz530764 9. Updated Broadcom Gigabit (bcme) Network Driver to version 7.5.22. fz530259 10. The following NIC drivers have been updated to include PC Card support: d21x, e3E and nat. fz529602 11. The following new adapters are now supported including CardBus NICs and selected PRISM II Wireless PC Card NICs: 3Com EtherLink III 3C589C 0101058906 3Com EtherLink III 3C589D 0101058906 3Com 10Mbps LAN PC Card 3CCE589EC 3Com 10Mbps LAN PC Card 3CXE589DT 3Com 10Mbps LAN PC Card 3CCE589ET 3Com 10/100 LAN PC Card 3C3FE574BT Intel PRO/100 CardBus II MBLA3300 Intel PRO/100 S Mobile Adapter MBLA3300 C3 Intel PRO/100 CardBus II MBLA3400 Linksys Combo PCMCIA EthernetCard EC2T Linksys EtherFast 10/100 PC Card PCMPC100 Linksys EtherFast 10/100 CardBus Card PCMPC200 Linksys Wireless-B Notebook Adapter (802.11b) Netgear 10/100 PCMCIA FA410 Netgear 10/100 PCMCIA Mobile Adapter FA411 Netgear 10/100 CardBus FA510 Netgear 802.11b Wireless PC Card MA401 Socket Communications EA Socket Communications LP-E o The Network Infrastructure and Configuration Subsystem (nics) package, version 8.0.2b: 12. System kernel panics under heavy load in dlpi_hwfail_handler. There was race condition in txmon handler. erg712681/fz530124 o The Open Secure Shell (openssh) package, version 3.9p1-01: 13. OpenSSH has been updated from version 3.8.1p1 to 3.9p1. Please see the openssh website for the list of changes. http://www.openssh.com/ 14. When sshd is stopped and restarted, it no longer works. The user trying to get in gets the following message: Read from socket failed: Resource temporarily unavailable fz529865 15. Host based authentication does not work with openssh. fz530102 16. Cannot login to an account with an expired password with openssh. fz530287 o The Samba (samba) package, version 3.0.10: 17. SECURITY: Samba has been updated from version 3.0.4 to 3.0.10 to fix several security problems. Please see the samba website for the list of changes. http://www.samba.org/samba/ erg712735/fz530486 SCOSA-2004.15 erg712754/fz530644 o The Squid Caching Proxy Server (squid) package, version 2.5.STABLE7: 18. SECURITY: Squid has been updated from version 2.4.STABLE7 to 2.5.STABLE7 to fix several security problems. Please see the squid website for the list of changes. http://www.squid-cache.org/ erg712610/fz529457 SCOSA-2005.16 erg712740/fz530514 o The OUDK Optimizing C Compilation System (uccs) package, version 8.0.2b: 19. SECURITY: Fixed predictable temporary file creation by the cscope command that can be exploited by any local attacker to remove arbitrary files on the vulnerable file system via the infamous symlink vulnerability. erg712738/fz530500 20. When doing optimization on functions with exceptionally large code blocks where the total number of arguments passed to calls in a single block exceeds 8000, the C or C++ compiler may generate incorrect memory addresses for local variables. This problem has only occurred in atypical 4GL generated source code. erg712757/fz530656 21. Invalid #define of setterm() macro in curses.h. fz530412 22. When alloca() is used as an argument to another function call, the stack of the current frame may be corrupted such that invalid (saved) register values may be returned to the callee. fz527215 fz531008 o The General Purpose Data Compression Library (zlib) package, version 1.2.1-01: 23. SECURITY: Fixed a Denial of Service vulnerability. Fixed error handling in the inflate implementation to avoid incorrectly continuing to process in error state. erg712692/fz530158 SCOSA-2004.17 o The X11R6 Base X Runtime System (basex) package, version 8.0.2a: 24. SECURITY: Fail-soft mechanism is implemented for handling cases where the permissions and/or owner of the /tmp/.X11-unix, /tmp/.ICE-unix, and /tmp/.font-unix directories are not correctly set. Fail-soft means, if the permission and/or owner is improperly set, the component would try to properly set it. If it is unable to do that, it would generate error/warning message(s), but the component would not fail. Note: Portions of this fix are contained in the xserver package. erg712694/fz530161 SCOSA-2005.8 25. Fixed XtAppAddInput() function. Added missing brackets around XPOLL_READ, XPOLL_WRITE, XPOLL_EXCEPT erg712671/fz529974 o The X11R6 X Server (xserver) package, version 8.0.2b: 26. Invoking "scoadmin video" on an Intel SE7520JR2 white box server to adjust graphics resolution in either character or graphics mode causes the system console to start blinking, and there is no recovery other than rebooting. erg712755/fz530648 o The X11R6 Contributed X Clients (xcontrib) package, version 8.0.2a: 27. Fixed warning message from the xtetris command. fz530182 28. The puzzle command is causing segmentation fault. erg712700/fz530183 29. The ar command displays incorrect message in Japanese environment. erg712640/fz529737 o The X11R6 Graphics Drivers (xdrivers) package, version 8.0.2a: 30. Added the Matrox G550 Video Adapter support to the mtx driver. fz530771 o The IP Filter (ipf) package, version 4.1.3: 31. IP Filter 4.1.3 is an advanced open source filtering package which provides both firewall and network address translation services. It is the most common filtering package supported across different flavors of UNIX. For a complete list of features and services provided, please check the following URLs. o http://coombs.anu.edu.au/~avalon/ o http://www.obfuscation.org/ipf/ipf-howto.txt fz530132 --------------------------------------------------------------------- §8.3: Problems Fixed in Maintenance Pack 3: * Feature and usability enhancements * Kernel improvements * Security enhancements * Networking improvements * USB improvements * Motif library and X improvements * Commands * Development System * Application Fixes * Other Fixes * Drivers Feature and usability enhancements 1. Support for HOPF Serial Device and the following clocks is enabled in NTP demon and utilities. -- o Diem Computime Radio Clock o ELV/DCF7000 clock o HOPF 6021 clock o Meinberg clocks o RCC 8000 clock o Schmid DCF77 clock o WHARTON 400A Series clock o VARITEXT clock (ID: 531232:2 ESC: erg712797) 2. Support for Intel multiple (dual) core processors. Multiple core processors have two or more processor cores in each physical package, continuing the trend started with hyperthreading, but offering enhanced parallelism and improved performance due to additional processor cores. Multiple processor cores are automatically detected and utilized if they are available. However, hyperthreaded processors are not utilized unless the administrator specifically requests their use. No additional CPU licenses are required to use either multiple processor cores or hyperthreaded processors. The use of multiple processor cores can be disabled with the boot parameter "MULTICORE=N" entered at the boot prompt or added to the "/stand/boot" file. Having multiple core support enabled has no effect on systems that do not have multiple core processors. If the use of multiple processor cores is explicitly disabled with the "MULTICORE=N" boot parameter, then the use of hyperthreaded processors is also disabled. Hyperthreaded processor support is still disabled by default. Support for hyperthreaded processors can be enabled with any of the following boot parameters: ENABLE_HT=Y HYPERTHREAD=Y ENABLE_JT=Y (ID: 532712:3 SLS: ptf9051b) 3. Support for AMD Dual Core processors. (ID: 532956:2 SLS: ptf9051c) 4. Update message catalogs and fix message catalog errors in PAM-related code. (ID: 531385:2) 5. Support for remote LDAP server authentication. -- A new PAM module (pam_ldap)has been added that allows authentication via PAM against an LDAP Server. OpenLDAP has two more files pam_ldap.so and ldap.so installed as /usr/lib/security/pam_ldap.so and /usr/lib/nss/ldap.so. These two files together can be used to provide authentication against an OpenLDAP server. (ID: 530735:2 ESC: erg712767) 6. IBM BladeCenter w/ BIOS 1.09 loops with USB keyboard -- This problem has been resolved. (ID: 532234:3) Kernel improvements 1. Kernel panic in kma_giveback on Maintenance Pack 1 -- Fixed a kernel panic and possible memory corruption that can occur when a process that has attached shared memory segments fails a fork system call. (ID: 530917:1 ESC: erg712782) 2. Kernel panic in ICH (sound) initialization -- ICH Intel Audio driver: If an interrupt comes in during ICH enumeration from a device sharing an IRQ with the AC'97 controller than the ich_intr() routine can cause a kernel panic due to incorrect lock allocation during enumeration. This has been fixed. (ID: 532377:2) 3. System upgraded from Release 7.1.2 (8.0.0) experiences kernel panics regularly -- Fixed a kernel panic when running LKP binaries, due to a stack corruption. (ID: 533255:2) 4. PCI slot numbers not reported correctly -- This problem has been resolved. (ID: 533303:2) 5. TBLNK tunable parameter has incorrect description message -- The description for the TBLNK tunable parameter says that the adjustment is in minutes instead of seconds, as it actually is. (ID: 530828:2) 6. Balance callouts across multiple cpus -- A problem that could have caused kernel timeouts to bottleneck on cpu 0 has been fixed. Support is added to allow running global callout on any cpu. If this feature is enabled via setting callout_balance to 1 in svc.cf/Space.c, then callouts may execute on cpu other than the boot cpu. This has the affect of running callouts at the precise scheduled time in an heavy system workload. (ID: 532367:1 SLS: ptf9051a) 7. Timeouts for bound drivers may run on wrong cpu -- This problem has been fixed. (ID: 532326:1 SLS: ptf9051a) 8. init 0 - unthrottled loop on console input - possible to overheat processor -- If after initiating shutdown, the system is not powered off after the following message is displayed, the processor heats up: System has halted and may be powered off (Press any key to reboot) Added a spin pause instruction into the loop; this is allegedly thermal friendly. (ID: 530708:2 SLS: ptf9051a) 9. System info defines for SI_SET_VERSION and SI_SET_SYSNAME reuse numbers issued to Solaris -- This problem has been resolved. (ID: 533077:1) 10. VxFS snapshot kernel panic using BackupEdge -- Fixed 2 kernel panics and a hang related to reading snapshot filesystem via direct I/O. (ID: 532771:2) 11. System hung processes waiting on lock -- Asynchronous VxFS transaction log flush can hang forever when MPIO layer detects a path failure and attempts path recovery. This can freeze all other file system activity, and cause system hang. The fix is to setup the correct flags in I/O request buffer when Asynchronous I/O operation is requested. (ID: 530400:3 ESC: erg712725) 12. Kernel panic when running OpenServer binary -- This problem has been resolved. (ID: 529023:1) 13. Bad declaration of _h_errno() function return type -- Change netdb.vh and libsocket/inet/nd_gethost.c to agree that _h_errno() returns "int *" and not "const int *". (ID: 531073:1) 14. On IBM x445 with 3.0 Ghz cpu(s) the OS does not detect the whole memory after a reboot -- Fixed mps and atup psm initialization to do "himem" detection after APIC and PIC initialization or after masking all interrupts on PIC, otherwise unexpected hardware interrupts can cause failure of v86bios() calls to detect "himem" via BIOS e820 interfaces, leading to OS not detecting whole system memory. (ID: 530717:2 ESC: erg712765) 15. Priocntl on an FP-class process running an OpenServer 5 binary may panic the kernel. -- For the SVR5 ABI, the value FP_NOCHANGE is defined to be -5. For the OSR5 ABI, this value is SCO_RT_NOCHANGE, defined to be -1. The fix is to have the kernel use FP_NOCHANGE internally to mean "no change", and to have fp_parmsin convert SCO_RT_NOCHANGE to FP_NOCHANGE when accepting a request from an OSR5 ABI program. (ID: 531493:2) 16. Kernel panics with trap E after running Java program -- This problem has been resolved. (ID: 533322:3) 17. Added new native hot-plug interfaces to SDI so newer drivers can dynamically remove and add targets. (ID: 532894) 18. PSM fix for Intel S3E31XX (Harwich) BIOS not having BSP as first entry in MPS cpu tbl -- The Boot Strap Processor is incorrectly identified on the Intel S3E31xx series (Harwich/Twin Castle) platform. This problem manifests itself as a spontaneous system reset when the remaining processors are brought online. PSM now smarter about location of BSP entry, preventing reboots when additional processors are brought online. (ID: 532473:2 SLS: ptf9051) 19. xAPIC detection is broken on systems with > 8 logical processors -- This problem has been resolved. (ID: 532824:2 SLS: ptf9051b) 20. mega driver high CPU consumption -- Interrupts may be incorrectly routed when the ACPI boot parameter is set with "ACPI=Y". It may also occur on uniprocessor systems that support hyperthreading and do not have MPS BIOS tables when the ENABLE_JT boot parameter is set with "ENABLE_JT=Y". This problem only manifests itself on systems with complex bus architectures. Symptoms that the fix is required are any of: a. High CPU consumption in interrupt time when the system is otherwise idle, as indicated by sar and/or rtpm. b. Devices with interrupt timeouts. c. PCI devices that cannot be found. (ID: 531694:2 SLS: ptf9051a) 21. ACPI:Unable to access PCI config space error when enabling jt -- This problem has been fixed. (ID: 531695:2 SLS: ptf9051) 22. Deadlock in asyc output stream -- This problem has been resolved. (ID: 531720:2 ESC: erg712825) Security improvements 1. SECURITY: tcpdump Denial of Service -- [SCOSA-2005.60] Various flaws in tcpdump can allow remote attackers to cause denial of service. To fix this, tcpdump and libpcap have been updated to version 3.9.3 and 0.9.3 respectively. (ID: 532314:2 ESC: erg712849) 2. SECURITY wu-ftp Denial of Service -- [SCOSA-2005.28] The wu_fnmatch function in wu_fnmatch.c allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. (ID: 532336:2 ESC: erg712855) 3. SECURITY: rpcbind Denial of Service -- [SCOSA-2005.31] When the RPC portmapper (rpcbind) receives an invalid portmap request from a remote (or local) host, it falls into a denial of service state and cannot respond. As a result, the RPC services will not operate normally. (ID: 532477:2 ESC: erg712862) 4. SECURITY: telnet client information disclosure -- [SCOSA-2005.35] The telnet client allows remote malicious telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. (ID: 532338:4 ESC: erg712857) 5. SECURITY: telnet client multiple issues -- [SCOSA-2005.21] Buffer overflow in the slc_add_reply function when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. Heap-based buffer overflow in the env_opt_add function in telnet.c allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated. (ID: 531446:2 ESC: erg712801) 6. SECURITY: uidadmin Buffer Overflow Vulnerability -- [SCOSA-2005.54] Local exploitation of a buffer overflow vulnerability in the uidadmin binary allows attackers to gain root privileges. Successful exploitation of this vulnerability requires that user have local access to the system. This would allow the user to gain superuser privileges. (ID: 533178:3) 7. SECURITY: Racoon Denial of Service -- [SCOSA-2005.37] Racoon is an IKEv1 keying daemon, a common IPSec Utility. Due to a bug in the way the Racoon parsed incoming ISAKMP packets, an attacker could possibly crash the racoon daemon by sending a specially crafted ISAKMP packet. (ID: 531604:2 ESC: erg712818) 8. SECURITY: ICMP TCP connections may be degraded or dropped -- [SCOSA-2005.36] The ICMP RFC recommends no security checking for in-bound ICMP messages, so long as a related connection exists, and may potentially allow several different Denials of Service. The following individual attacks are reported: A blind connection-reset attack is reported, which takes advantage of the specification that describes that on receiving a 'hard' ICMP error, the corresponding connection should be aborted. A remote attacker may terminate target TCP connections and deny service for legitimate users. An ICMP Source Quench attack is reported, which exploits the specification that a host must react to ICMP Source Quench messages by slowing transmission on the associated connection. A remote attacker may effectively degrade performance for a legitimate connection. To fix these issues, a new networking parameter tcp_ignore_quench is introduced for configuring ICMP source quench message behavior for tcp connections. When it is set to 1, ICMP source quench messages are ignored for tcp connections. Default value of this parameter is 1. (ID: 530661:3 ESC: erg712758) 9. SECURITY: TCP RFC1323 denial of service -- TCP connections can be stalled/dropped using the TimeStamp option of a TCP connection. (ID: 531593:2 ESC: erg712814) 10. SECURITY: ppp prompt buffer overflow vulnerability -- [SCOSA-2005.41] Local exploitation of a buffer overflow vulnerability in the ppp binary, allows attackers to gain root privileges. (ID: 532994:2 ESC: erg712940) 11. SECURITY: Xloadimage NIFF Image Title Handling Buffer Overflow -- [SCOSA-2005.56] A buffer overflow in xloadimage, might allow user-complicit attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations. (ID: 533253:3) 12. SECURITY: cpio directory traversal vulnerability -- [SCOSA-2005.32] A malicious user can create cpio archives containing absolute pathnames and/or relative pathnames like ../ (dot dot/) causing users running cpio -i to inadvertently overwrite files on their system. To prevent it, a new option "-N" is provided for "safe mode", where cpio is trapped inside the present working directory while extracting files. (ID: 532333:2 ESC: erg712854) 13. SECURITY: Lynx Remote Buffer Overflow -- [SCOSA-2005.47] A vulnerability in Lynx can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "HTrjis()" function in the handling of article headers sent from NNTP (Network News Transfer Protocol) servers. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious web site which redirects to a malicious NNTP server via the "nntp:" URI handler. Successful exploitation allows execution of arbitrary code. As part of this fix lynx has been updated to 2.8.5. (ID: 533159:3) 14. SECURITY: Lynx Command Injection Vulnerability -- [SCOSA-2005.55] Remote exploitation of a command injection vulnerability could allow attackers to execute arbitrary commands with the privileges of the underlying user. The problem specifically exists within the feature to execute local cgi-bin programs via the "lynxcgi:" URI handler. The handler is generally intended to be restricted to a specific directory or program(s). However, due to a configuration error on multiple platforms, the default settings allow for arbitrary websites to specify commands to run as the user running Lynx. (ID: 533314:3) 15. SECURITY: libXpm may allow attackers to execute arbitrary code -- [SCOSA-2005.57] An integer overflow vulnerability in libXpm can be exploited by a remote user to cause arbitrary code to be executed. The 'scan.c' code does not properly validate user-supplied data contained in image files. A remote user can create a specially crafted image file that, when processed by the target user or application, will trigger the overflow and execute arbitrary code. (ID: 533161:6) 16. SECURITY: docview htdig cross site scripting flaw -- [SCOSA-2005.45] Cross-site scripting vulnerability in docview (htdig) allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. (ID: 531483:2 ESC: erg712807) Networking improvements 1. The OpenLDAP Software Suite (openldap) package, version 2.1.22-01: 1. libthread was not linked properly. The previous configuration used -lthread instead of -Kthread while building opendlap. (ID: 530735) 2. The binaries are now dynamically linked with LDAP and DB libraries. (ID: 530735) 3. Support added for remote LDAP server authentication. -- OpenLDAP has two more files pam_ldap.so and ldap.so installed as /usr/lib/security/pam_ldap.so and /usr/lib/nss/ldap.so. These two files together can be used to provide authentication against OpenLDAP server. (ID: 530735 ESC: erg712767) 2. named (9.2.1) fails to switch to secondary forwarder in the event of primary failure -- This has been resolved. Additionally, BIND has been updated to version 9.2.5. (ID: 532808:3 ESC: erg712896) 3. telnet sessions have incorrect timestamp in syslog -- This problem has been fixed. (ID: 532534:1) 4. netstat command does not find the IP/name of the configured interfaces -- netstat was not displaying network and IP addresses properly. (ID: 530807:2) 5. Delays seen when doing rsh, rlogin, or rcp into a UnixWare 714 MP1 box. The pam_rhosts module has been modified to use text-based comparison to check whether the host requesting rsh, rlogin, or rcp is listed in .rhosts or /etc/hosts.equiv. This behavior is consistent with UnixWare behavior in earlier releases which did not support PAM. In contrast, the previous release of the pam_rhosts module used an IP-address comparison to check for host equivalence. A new option, "checkaddr," has been added to the pam_rhosts module. Use of this option will cause pam_rhosts to use an IP-address comparison for host equivalence. (ID: 530252:2 ESC: erg712708) 6. To exclude users from password aging rules, e.g., for FTP, "passwd -n2 -x1 " is used. This is supposed to remove password aging restrictions from the login, so that the password never expires; however, FTP login failures due to password aging still occurred after executing the above. The problem was found in the PAM module for FTP, and has been fixed. (ID: 530051:1) 7. Unloading ipf causes kernel panic -- This problem has been resolved in the ipf-4.1.3a package. (ID: 531340:2) 8. Kernel panic in fsflush_pageflush while running du on NFS mount point. -- Fixed a race between fsflush which is releasing an un-referenced vnode and NFS rnode allocation code which is trying to re-use the same free'd/inactive vnode, leading to kernel panic. (ID: 530399:4 ESC: erg712724) 9. xntpd does not include support for parse clocks like a HOPF6021 clock -- Support for HOPF Serial Device and the following clocks is enabled in NTP demon and utilities: o Diem Computime Radio Clock o ELV/DCF7000 clock o HOPF 6021 clock o Meinberg clocks o RCC 8000 clock o Schmid DCF77 clock o WHARTON 400A Series clock o VARITEXT clock (ID: 531232:2 ESC: erg712797) 10. Incompatibility in bind() between OSR5 and UW7 -- OSR5 application socket API compatibility (ID: 529470:2) 11. System hang after pulling NIC cable (e1008g) -- This has been resolved. The fix is in the nd-8.0.2c package. (ID: 531667:3 ESC: erg712824) 12. TCP timers can delay other critical activity -- On a system with a high TCP connect/disconnect rate (such as a server receiving a large number of web requests), TCP timers such as 2msl, zombie, etc., can take a significant amount of time to process and clean up connections. This has the potential of starving/delaying other non-tcp/tcp timers as well as possibly STREAM activity. This problem has been fixed. (ID: 532371:1) 13. OSR5 ioctl compatibility - TI_GETINFO -- OSR5 application ioctl compatibility fix. (ID: 533297:3) 14. MTU is not set correctly in response to an ICMP Error - Fragmentation Needed -- This has been resolved. (ID: 529427:1 ESC: erg712617) 15. /etc/mkfilters doesn't generate a valid filter for ipf to use -- This problem has been resolved. (ID: 532361:2) 16. DHCP server isn't working -- Allow multiple control options to be received. (ID: 531979:2) 17. dlpid does not failover to chain of NICs, nor share backups, mismatching our doc -- dlpid updated for failback and failover to chain of NICs. (ID: 529245:4) 18. nfs mount kernel panic if file system exported with anon=-1 -- If a system exports an nfs file system with anon=-1 and another tries to mount it, the client panics, or the mount command hangs leaving an unkillable process. This problem has been fixed. (ID: 531195:2, 531986:2) 19. e1008g nic driver report same device when network unplugged from 2 different devices -- The e1008g driver prints (slot, port) which can be same since the confmgr assigns slot number (0) to all on-board devices and the e1008g driver assigns unique port numbers to devices that have same slot numbers and are on the same bus. If the on-board devices are on different buses, the (slot, port) combination would be same. Modified e1008g driver to print (slot,port,bus) when link goes up/down. The fix is in nd-8.0.2c package. (ID: 532442:3 ESC: erg712895) 20. d21x .bcfg files - leading spaces in CUSTOM params screws up ISL. -- Removed white space in d21 *.bcfg files as well as mdi_wan - all the .bcfg files for the ISDN code. (ID: 530920:1) USB improvements 1. Work around problem with IBM Blade Server (eserver 8677-1xx) BIOS version 1.09 that cause system kernel panic shortly after boot. (ID: 531479 SLS: ptf9051a) 2. USB printing errors on select combinations of printers and write patterns. -- Fixed USB printing errors most commonly seen as corruption at end of print job. (ID: 532127:2) 3. Cannot access USB floppy after hot adding and sdiconfig -l output is corrupted -- Fixed USB floppy drive issue, non-synchronized assignments of controller number by both pdiunits and SDI layer cause overlapping and conflicting SDI unit numbers assigned to usb_msto, causing problems while accessing USB floppy drive(s). (ID: 529971:2 ESC: erg712669) Motif library and X improvements 1. The X11R6 X Server (xserver) package, version 8.0.2c: 1. SECURITY: Xserver local users can gain root -- [SCOSA-2004.2] Buffer overflow in the ReadFontAlias function in Xsco may allow local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias file. (ID: 528865:2 ESC: erg712546)/OS/Gui/X_Motif/XSrvr 2. A memory corruption in the X server was causing the X server to crash. -- This problem has been resolved. (ID: 530745 ESC: erg712769) 3. The X server does not properly display a dotted line separator. -- This problem has been resolved. (ID: 531054:2 ESC: erg712794) 2. X clients receive FocusIn event twice, first when the window is clicked and second when a widget a clicked. This problem has been resolved. (ID: 531053:2 ESC: erg712793) 3. A black mark is displayed under the first character if the height of a text widget is smaller than the height of the character. This problem has been resolved. (ID: 532175:2 ESC: erg712839) 4. Problem with list items in list widgets fixed. If a user clicks on an item in a List widget with SelectionPolicy set to BROWSE_SELECT or SINGLE_SELECT and then clicks on another list item within DoubleClickInterval, the click is treated as second click of the double-click on the original item. The visual affect is that the cursor moves to the second item while the highlight frame remains on the first one. The problem is not seen with short DoubleClickInterval because it's very difficult to do the second click on a different item within that short interval. (ID: 532813:2 ESC: erg712897) 5. A dotted line separator is not displayed correctly. -- This problem has been resolved. (ID: 531054:2 ESC: erg712794) 6. Focus is not set on newly created windows in mwm -- The Motif window manager sometimes does not set focus on the newly created windows. This problem has been resolved. (ID: 533334:2) 7. In the Japanese keyboard input environment, the Xserver dies after certain keyboard operations. -- Optimized code in the server was causing memory corruption in these circumstances. The calls to optimized functions were replaced with calls to unoptimized functions, and the problem has been resolved. (ID: 530745:2 ESC: erg712769) 8. Support for ATI Radeon ES1000/RN50 graphics card -- Support for the ES1000/RN50 video card has been added to the xdrivers-8.0.2b package. (ID: 532713:1) 9. Permission of /usr/X/lib/X11/xkb/symbols directory is 0644 -- This causes incorrect LED behavior on the keyboard. Permissions on the directory /usr/X/lib/X11/xkb/symbols changed to 0755. (ID: 528560:3) Commands 1. The more command does not properly handle files with multibyte characters. It splits multibyte characters across lines and gives the following error: more: Illegal byte sequence (ID: 531424 ESC: erg712800) 2. The file command and /etc/magic file have been enhanced to provide better and POSIX compliant reporting of command text file types, additional information about ELF object files and core dumps, and recognize additional special file types. (ID: 532351) 3. The cm_vtcld and scoadmin utilities core dump when SFNOLIM is tuned higher than 32767. (ID: 527772:3 ESC: erg712304) 4. After using `ap`, owner accounts can't gain owner privs -- Fixed the failure to get owner privileges when logged in as owner. (ID: 533134:2 ESC: erg712965) 5. Can't display multibyte character on samba-3.0.4 -- The iconv command failed to convert between the eucJP and sjis codesets with the following error message: UX:iconv: ERROR: No support for eucJP to sjis This problem has been resolved. (ID: 530767:2 ESC: erg712771) 6. Further tapecntl commands blocked after tapecntl -e interrupted -- Added support for tape erase i/o process abort in tapecntl and st01. (ID: 529485:3 ESC: erg712616) 7. Mailx - incorrect optimization in collect.c - stripnulls() -- Updated /usr/bin/mailx. (ID: 531705:3) 8. fdisk formatting needs update for large disks (> 10K cyls / 76.6 GB) -- Increased fdisk column widths for larger disk sizes, to prevent column overrun/staircase display for multiple partitions. (ID: 530772:2) Development System The fixes in this section are contained in the uw714m4, libc, and uccs packages. 1. Segementation faults fixed. Repaired bugs which, in certain situations involving extra long lines in the /etc/passwd, /etc/group, or /etc/shadow files, caused stale pointers to be dereferenced, likely resulting in segmentation faults. (ID: 531950 ESC: erg712834) 2. Add support for classic OpenServer "gencat" message catalogs. (ID: 532671) 3. Move the getmnt*, putmntent, getvfs*, putvfsent APIs from libgen into the shared part of the C library. (ID: 531331) 4. Add the setenv() and unsetenv() APIs (matching The Open Group specifications) to the C library. -- The routines have been added. (ID: 533075:1) 5. The cc command now supports compiling .S-suffixed files. -- These are assembly language source files that are first passed through the C preprocessor. This allows for assembly language coding across different assembler dialects. The cc command has been modified to support .S files. They are sent to the usual acpp preprocessor, with an additional option to request no extra whitespace insertion. Note that support for .S was not added to the CC command, since the additional complexity required to support it in CC is not justified by the modest user benefit it would provide. (ID: 531455:6, 531445:7) 6. Copy propagation optimizations may have failed to consider side-effects in the left operand of an assignment statement, resulting in incorrect code being generated for statements of the form: *ptr1++ = .... *ptr2 .... and both pointers had the same value an earlier sequence point in the current code block. (ID: 531705) 7. The C (C++) compiler support for _Bool (bool) was corrected so that all arithmetic operations will store either a 0 or 1 to a boolean object. (ID: 531941, 532751) 8. The C compiler support for compound literals was corrected so that they are appropriately reinitialized when used as part of a loop's controlling expression. (ID: 531447, 531350) 9. The C and C++ compiler floating expression evaluation will now correctly narrow (by default and with -Kieee) the value which results from a floating-typed assign-op computation. (ID: 531447, 531350) 10. The redundant push/pop elimination optimization done by the assembly peep-hole optimizer (optim) may have incorrectly used the EAX scratch register when it holds the function return value obtained from a call to another function. (ID: 532298) 11. Plum Hall CV suite (cvs04a) - multiple issues -- This problem has been resolved. (ID: 531249:2) 12. Automatic compound literal initialization repeated in loop - PH conform/lang -- This problem has been resolved. (ID: 531250:2) 13. strip/mcs fail to adjust section indices for newer ELF features -- Change strip/mcs code to adjust these additional section indices. Note that this is the only instance where strip/mcs will fiddle with the contents of a section. Also need to update the ELF headers to have the missing SHT_ and SHF_ macros. (ID: 533355:1) 14. Copy propagation does not check for side-effect on left side of tree -- This has been resolved. (ID: 531705:4) 15. Inconsistent rounding in CSE temp -- This changes floating point code generation for C and C++ in those circumstances where a floating "common subexpression" is saved for later use. Instead of saving it with the precision of its implicit type, it will be saved as a full- width 80-bit value so that when it is later used it behaves just as if it had been recomputed for each such use. (ID: 532927:1) 16. optim is trying to keep both halves of a 64 bit value in 1 32 bit register -- Update a function within optim to check whether registers contain implicitly live data before using them. (ID: 532298:2) 17. Optim generates some incorrect code following boolean fixes. -- This problem has been resolved. (ID: 531941:2) 18. Order of object files in lib++.a inconsistent from build to build -- Change made as suggested in incident. (ID: 532693:1) 19. getXXent_r() APIs misbehave when the buffer is too short -- Add code to reset to the start of the line in this situation for the C library APIs. For the NIS aware ones, have it reuse the already created struct in this case. (ID: 533169:1) 20. Two bugs in getgr* and getpw* -- Just need to include the NIS_SCAN bit when setting the NIS_FIRST one for the nss_nis_get*ent*() routines. (ID: 530952:3) 21. /usr/include/net/if.h compile errors in C++ -- This problem has been fixed. (ID: 531548:2) Application Fixes * The Open Secure Shell (openssh) package, version 4.2p1: 1. SECURITY: OpenSSH has been updated from version 3.9p1 to 4.2p1. -- [SCOSA-2005.53] Please see the openssh website for the list of changes. http://www.openssh.com/ (ID: 532373:1, 532978 ESC: erg712922, erg712933) * cdrtools - A set of tools for CD/DVD Recorders package, version 2.01.01a01: 1. SECURITY: [SCOSA-2005.20] Cdrtools has been updated from version 2.01a27 to 2.01.01a01 to fix the following problem: Cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges. (ID: 530156:2 ESC: erg712690) * The ESP Ghostscript (gs) package, version 7.07.1: 1. ESP Ghostscript has been updated from version 7.05.6 to 7.07.1. Please see the cups website for the list of changes. http://www.cups.com/ (ID: 532587:1) * The GNU file compression utilities (gzip) package, version 1.3.5: 1. SECURITY: Gzip Multiple Vulnerabilities [SCOSA-2005.58] gzip crashes when an input file name is longer than 1020 characters. zgrep in gzip does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. Race condition in gzip, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. Directory traversal vulnerability in gunzip -N allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. (ID: 532919:2 ESC: erg712915) 2. Gzip updated to handle large files (<4GB). (ID: 532327 ESC: erg712850) * The Squid Caching Proxy Server (squid) package, version 2.5.STABLE12: 1. SECURITY: [SCOSA-2005.44] Squid has been updated from version 2.5.STABLE7 to 2.5.STABLE12 to fix several security problems. -- Please see the squid website for the list of changes. http://www.squid-cache.org/ (ID: 530961, 530961, 533116, 533151, 533254 ESC: erg712785, erg712785) 2. Reinstated the following which were inadvertently dropped when squid was updated to 2.5.STABLE7: o CARP o Heap removal policy o ICMP o Delay pools o User-Agent logging o Kill parent on shutdown o SNMP monitoring o HTCP o USE_CACHE_DIGESTS Additionally enabled the following: o Referer logging (ID: 531636:2 ESC: erg712823) * The TIFF Library and Utilities (tiff) package, version 3.7.3: 1. SECURITY: [SCOSA-2005.19 SCOSA-2005.34] Tiff has been updated from version 3.5.7 to 3.7.3 to fix several security problems. Please see the tiff website for the list of changes. http://www.remotesensing.org/libtiff/ (ID: 531015, 532775 ESC: erg712790, erg712889) * The MySQL package - multi-threaded SQL database server (MySQL), version 4.1.11: 1. SECURITY: [SCOSA-2005.27] MySQL has been updated from 3.23.49 to 4.1.11 to fix security problems. -- Please see MySQL website for the list of changes. (ID: 531603 ESC: erg712817) * The Mozilla (mozilla) package, version 1.7.12: Note: After installing the latest Mozilla package, you will also need to download and install the latest Java packages so that Mozilla continues to work properly. The Java packages are available separately from the UnixWare 7.1.4 Supplement Page at: http://www.sco.com/support/update/download/product.php?pfid=1&prid=6. 1. SECURITY: [SCOSA-2005.25] [SCOSA-2005.29] Mozilla has been updated from 1.2.1b to 1.7.12 to fix several security problems. -- Please see the Mozilla website for the list of changes. (ID: 528733:2, 528734:2, 530151:2, 530485:2, 530642:2, 531626:2, 532631:2, 532645:2, 533017:1 ESC: erg712686, erg712734, erg712748, erg712820) Other Fixes 1. The Berkeley DB Library (db) package, version 4.1.25: 1. Minor configuration changes were done while building the db library. (ID: 530735) 2. The Documentation was moved from /usr/docs to /usr/share/db/doc/ and link was added to DocView. (ID: 530735) 2. The General Purpose Data Compression Library (zlib) package, version 1.2.3: 1. SECURITY: [SCOSA-2005.33] zlib has been updated from version 1.2.1-01 to 1.2.3 to fix several security problems. -- Please see the zlib website for the list of changes. http://www.zlib.net (ID: 532198:1, 532826 ESC: erg712898) 3. The OpenSSL (openssl) package, version 0.9.7i: 1. SECURITY: OpenSSL has been updated from version 0.9.7d to 0.9.7i. -- [SCOSA-2005.48] Please see the openssl website for the list of changes. http://www.openssl.org/ (ID: 531858:1, 533160) 2. The OpenSSL Documentation (openssld) package, version 0.9.7i, provides the updated documentation for the openssl package version 0.9.7i. 4. UW7.1.4 ide driver returns Undefined Symbol fs_clrioevent in loadable module -- While prototyping, doGetHBA has been changed to force the user to first load the HBA's from the base OS CD and then give the options to load the TP HBAs. This ensures that the .extra.d/ tools are also copied properly. (ID: 530541:1 ESC: erg712766) 5. URK714:Filesystem missing from vfstab is not replicated -- sliceinfo script has been changed to mount the slices having fs but not mounted to temporary mount points and hence replicated properly. (ID: 530568:1 ESC: erg712744) 6. Listing groups using the ScoAdmin Account Manager dumps core for certain sized group entries -- Long entries in /etc/passwd, /etc/group, and /etc/shadow caused the listgrp function to dump core. This has been fixed. (ID: 531950:2 ESC: erg712834) 7. Provide updated MySQL package for UnixWare 7.1.4 MP CD -- MySQL package now included in ISO image. (ID: 530657:1) 8. SCO Clusters license definitions -- Added SCO Clusters licenses in the default product database. (ID: 533284:2) 9. Need PMAPI calls for user and cpu counts -- This problem has been resolved. (ID: 532928:2) Drivers 1. Intel e1008g Gigabit driver 2.7.5 reports "Speed/Dx:10/H" -- This problem has been resolved. (ID: 517482:1) 2. Intel Centrino Wireless driver -- ipw, Intel Centrino PRO/Wireless 2200BG NIC driver supported adapters: Intel PRO/Wireless 2200BG NIC (built in laptop) (ID: 531382:2) 3. Intel PRO/100 eeE8 version 3.0.2 driver -- eeE8 3.0.2, Intel(R) PRO/100 supported adapters: ================== CardBus Adapters ============ Intel PRO/100 CardBus II MBLA3300 Intel PRO/100 S Mobile Adapter MBLA3300 C3 Intel PRO/100 CardBus II MBLA3400 645477-xxx PRO/10+ PCI PILA8500 649439-xxx PRO/10+ PCI PILA8520 701738-xxx Pro/100+ PCI Management Adapter PILA8461 668081-xxx Pro/100+ PCI PILA8460 721383-xxx Pro/100+ PCI Management Adapter PILA8460B 741462-xxx Pro/100+ PCI PILA8460BN 748566-xxx PRO/100 S Management PILA8460BUS 748564-xxx PRO/100 S Management PILA8464B 742252-xxx InBusiness(tm) 10/100 adapter SA101TX 351361-xxx PRO/100 PCI PILA8465 352509-xxx EtherExpress(tm) PRO/100B PCI adapter PILA8465B 352433-xxx PRO/100B PCI T4 PILA8475B 691334-xxx PRO/100+ PCI Management Adapter PILA8900 A80897-xxx PRO/100 M Desktop PILA8460M 751767-xxx PRO/100 S Desktop PILA8460C3 ================== Server Adapters ============ 714303-xxx PRO/100+ Dual Port Server Adapter PILA8472 748565-xxx PRO/100 S Server PILA8474B 748568-xxx Intel(c)PRO/100 S Server PILA8474BUS 710550-xxx PRO/100+ PCI Server Adapter PILA8470 729757-xxx PRO/100+ Server Adapter PILA8470B A56831-xxx PRO/100 S Dual Port Server Adapter PILA8472C3 752438-xxx PRO/100 S Server PILA8470C3 A28276-001 Intel(c) PRO/100+ Dual Port Server Adapter 61PMCA00 82559 Fast Ethernet LOM with Alert on LAN PRO/100 S Mobile LAN on Motherboard PRO/100 VM Network Connection PRO/100 VE Network Connection HP NC1120 Ethernet NIC HP NC3120 Fast Ethernet NIC HP NC3121 Fast Ethernet NIC HP NC3122 Fast Ethernet NIC HP NC3123 Fast Ethernet NIC HP NC3131 Fast Ethernet NIC HP NC3132 Fast Ethernet NIC HP NC3133 Fast Ethernet NIC HP NC3134 Fast Ethernet NIC HP NC3135 Fast Ethernet Upgrade Module HP NC3160 Fast Ethernet NIC HP NC3162 Fast Ethernet NIC HP NC3163 Fast Ethernet NIC HP 10/100 TX PCI Intel WOL UTP Controller (ID: 532544:1) 4. Kernel panic during reboot in closef_l+83 -> spec_close+200 -> device_close+43. -- Race condition in DLPI open and close causing memory corruption. (ID: 532230:2) 5. nics and nd packaging rework -- The tcpdump binary, and the libpcap library and header files have been moved from the nd package to the nics package. (ID: 533124:2) --------------------------------------------------------------------- §8.4: Problems Fixed in Maintenance Pack 4: Commands and Utilities Development System Drivers Graphics Kernel Installation Networking Operating System SCOAdmin Security Other Fixes Commands and Utilities 1. ps command does not output cpu time correctly -- The ps utility has changed its default format displayed for processes using at least an hour's worth of CPU time when POSIX2 is set in the environment. The format used in this case is now [DDD-]HH:MM:SS, where SS is seconds, MM is minutes and HH is hours, all shown with two digits; DDD is days and are displayed only when necessary. Otherwise, the CPU time for processes remains as it has been -- M:SS, where M is minutes, taking as many digits as necessary. (ID: 532903:1) 2. /sbin/emergency_disk incorrectly enumerates cdrecord device -- Updated /sbin/emergency_disk to correctly set the cdrecord device scsibus for all cases. (ID: 533423:2) 3. hpnpIS.model does not retry if the printer reports a fault. This results in lost prints -- Fixed the issue of lost prints for hpnpIS.model script. (ID: 530365:1) 4. pkgadd and pkgrm send e-mails without subject line -- The mail message sent to the system administrator announcing the results of a pkgadd or pkgrm will now include a simple subject string of "pkgadd" or "pkgrm" and the name of the package being installed or removed. (ID: 529864:1) 5. pkgadd does not properly install some files -- A package installation bug which sometimes occurred when attempting to replace a symbolic link with a regular file (where the installation would fail with an internal consistency error) has been fixed. (ID: 530818:1) 6. depend(4) incompatible dependency not working correctly -- A bug has been repaired where a package was blocked from being installed when it was taken to match an existing installed package's depend(4) "incompatible" entry, even though the entry had an architecture or version (or both) which did not match the package attempting to be installed. (ID: 531552:1) 7. add -DTRR_HACK to 8.1.13 -- The MP4 sendmail 8.1.13 includes a modification that causes /usr/lib/sendmail -C conffile invocations where conffile corresponds to the name of the sendmail binary to be processed with full privileges. (ID: 534887:1) 8. syslogd core dumps if syslog.conf contains spaces -- Fixed core dump issue when TABs are replaced by spaces between facility:level and target in syslog.conf. (ID: 534059:2) 9. uadmin hangs system -- Improvements to uadmin reduce delay during shutdown. (ID: 534484:2) 10. extended DST will require new timezone rules -- The US Daylight Saving Time rules were changed in 2005 to come into effect in 2007. Now DST starts at 2am (local time) on the second Sunday of March, and ends at 2am on the first Sunday of November. (ID: 532758:2 SLS: ptf9052e) 11. Australia changes TZ rules -- Western Australia has decided to reinstate Daylight Saving Time for a few years. This update to the compiled timezone files (in /etc/TZ) includes this change. (ID: 534117:1 SLS: ptf9052f) 12. Diff -h gives a core dump on certain ASCII files -- "Memory fault (coredump)" may occur on a "half-hearted" diff command - "diff -h". Problem was an insufficient buffer size allocated for handling UTF-8 characters. This problem has been fixed. (ID: 515381:1) 13. The "file" command should be able to identify huge files (>2GB) -- The file command has been modified to use specific 64-bit stat and open functions, allowing files greater that 2 gigabytes to be queried. (ID: 533973:1) 14. Xenix version 2.3 or 3.0 a.out not reported as "pre-SysV" -- The file command now correctly reports "pre-SysV" for version 2.3 and 3.0 Microsoft Xenix a.out files. (ID: 534488:2) 15. Add context feature to grep matching the GNU version -- grep and egrep now support a context window feature. With -C, they will by default display the two previous and two successive lines surrounding the line matching the regular expression. The window size can be adjusted from the default with -A num (how many lines after) and -B num (how many lines before). Disjoint matching context windows are separated by a "--" line. (ID: 533835:1) 16. /u95/bin/ksh memory leak -- The newer Korn shell (ksh93) has been built so that it has a smaller memory footprint. (ID: 534721:1) 17. ksh has problems with high radix arithmetic -- The Korn shell's handling of I/O for numeric variables with bases 49 through 64 has been repaired. The digits 'M', 'N', '', and '_' had been mishandled. (ID: 534835:1) 18. /usr/bin/login sometimes fails when trying to change to user's home directory. -- Fixed a memory corruption problem in /usr/bin/login that caused it to fail when trying to change to the user's home directory. This problem only affected /usr/bin/login; it did not affect /usr/lib/iaf/login/scheme. (ID: 533920:2) 19. usemouse is sending extra "right button press" indication -- Correctly process the mouse motion and button events. (ID: 534725:3) 20. ln -sf src dst where "dst" exists fails, where -f should make it work regardless -- The ln utility was repaired so that the combination of the -s and -f options will cause the symbolic link to be created, even if the file already exists. (ID: 534091:1) 21. pkgmk fails when using '-c' and packaging a file like 'file$1name' -- A problem existed, where, if pkgmk was invoked with the compress (-c) option, and the prototype file had a filename mentioned which had a '$' in it, the pkgmk would fail. This problem has been resolved. (ID: 534023:1) 22. Upgrade UnixWare sed so that it has "no" fixed limits -- All fixed limits (buffer sizes, line lengths, and so on) have been removed from the sed utility. (ID: 533836:1) 23. vi does not work with large windows -- The internal buffer sizes for vi have been substantially increased to permit handling of larger text window sizes and files with longer line lengths. (ID: 534881:1) 24. Update emergency_disk mkisofs and cdrecord options -- Some /sbin/emergency_disk mkisofs and cdrecord options have been changed when writing to CD-R or -RW media: - Removed the mkisofs and cdrecord -v options to significantly reduce the /sbin/emergency_disk command output while still displaying a sufficient amount of output for debugging potential problems. - Changed the mkisofs -P option to -publisher to avoid warnings about its use. - Changed the mkisofs floppy-emulation boot option to no-emulation to eliminate the 2.88 MB cdrom boot image size limit. - Added the cdrecord -gracetime=2 option (the minimum) to reduce the pause before writing to the media. (ID: 534331:2) 25. Can't access USB tape drive using emergency recovery cdrom -- Create USB tape drive device nodes when using the emergency recovery cdrom tape restore option. (ID: 534147:3) Development System 26. "putenv()" deadlocks in multithreaded code -- A potential deadlock for threaded programs calling putenv() or setenv() very early (before any dynamic memory allocation has occurred) has been eliminated. (ID: 534709:1) 27. Cast of C++ address constant to "long long" results in ICE or bad code. -- The C++ compiler was fixed so that it neither generates bad code nor fails with an internal compiler error when casting an address constant to a 64-bit integer type. (ID: 534078:1) 28. C++ compiler assertion failure in automatic template instantiation -- A C++ internal compiler error failure (an assertion in templates.c) has been fixed involving automatic template instantiation. (ID: 534213:2) 29. Spurious diagnostic on members of nested classes in unnamed namespace -- When a member function of a nested class in an unnamed namespace was defined, the C++ compiler used to issue a warning that that function was defined but not referenced even though it was used by a member function of the enclosing class. (ID: 534214:2) 30. Incorrect clean-up of EH object - ptr to class -- When the type of a thrown C++ exception was of type "pointer to class", the C++ runtime exception handling was incorrectly attempting to call the destructor of the class pointed to upon completion of the exception "catch" handler. This runtime bug has been fixed. (ID: 534238:1) 31. Using declaration error - too strict interpretation of C++ standard -- Member using-declarations must refer to declarations that are visible in a direct base class. The C++ compiler used to interpret this rule too strictly when the using-declaration refers to an overloaded function that is made visible in a direct base class through another using-declaration. This is now fixed. (ID: 534675:1) 32. UW714 MP3 C++ code generation defaulting to SIGNED bit fields -- Code generation fixes in MP3 has caused the C++ compiler to treat "plain" bit-fields as signed bit-fields. This is contrary to past practice and the SVR5 (UDK) ABI. This fix is to restore previous and expected behavior. Problem originally corrected in ptf9052d or later. Should C++ developers actually want "plain" bit-fields to be treated as "signed" bit-fields, a new C++ option has been added to allow this. The new option is "-Wf,--signed_bit_fields" on the CC command line. (ID: 533962:1 SLS: ptf9052d) 33. C++ decrement of char bit-fields result in invalid assembly instruction and register combo -- An assembly syntax error generated for a C++ prefix or postfix decrement of an "unsigned char" bit-field has been corrected. (ID: 533998:1) 34. RTTI symbols must be available at runtime for OpenOffice port to SCO Unix -- In support of a port of Open Office 2.x, the C++ compiler now treats RunTime Type Information (RTTI) symbols as global, weak symbols. This allows the Open Office native C++ to UNO bridge to locate and use C++ generated RTTI info when converting UNO exceptions into native C++ exceptions. (ID: 534208:2) 35. Assembler error: part of large C++ template function name read as an opcode -- An insufficient buffer to contain very, very large mangled template function names in the C++ exception handling range table post code generation processing has been resolved. (ID: 534249:2) 36. Postfix addition executed twice when used as index in arg to strcpy() -- A C++ code generation bug where a prefix or postfix operator expression used as an index may be executed twice has been fixed. Incorrect code was limited to cases where the expression was part of an argument to a "single statement" inline function and that argument was used multiple times in that single statement. The problem could also manifest itself if the function was one of the known C standard functions that the compiler may be able to treat as an inline function. (ID: 534437:2 SLS: ptf9052h) 37. Invalid code when field operator used directly with function call returning a class or struct -- A C++ internal compiler error or invalid code generation could occur for an expression that dereferenced a member (type pointer) of the result of a call to a function returning a struct, union or class. This was not a problem with a constructor, or function returning reference or pointer to a struct or class. struct A func_returning_struct (); func_returning_struct().ptr -> other_field; This problem has been fixed. (ID: 534445:1 SLS: ptf9052h) 38. ::wctrans() undefined when _XOPEN_SOURCE is defined -- If _XOPEN_SOURCE is defined, the C wctrans() function is not available. The C++ header file cwctype has been updated to abide by that restriction. (ID: 533723:2) 39. Definition of template class const_mem_fun1_t<> incorrect in header "CC/functional" -- The template function prototype for const_mem_fun1_t() was corrected; "const" qualifier added to the first argument. (ID: 533785:1) 40. Assembler syntax error on C++ inline function - when optimized -- When removing register(s) containing a known zero value from base or base/indexing addresses, the assembly code optimizer has been fixed to replace an implicit zero displacement with an explicit zero displacement to maintain acceptable assembly operand syntax. (ID: 534166:2) 41. Conversion to floating from [unsigned] long long in cplusfe is broken -- Compile time constant conversion involving the cast of a long long integer constant to a floating point was incorrectly truncating the integer value to a 32-bit value before conversion. (ID: 533617:2) 42. ICE: Internal Compiler Error - Open Office 2.0.3 port -- An internal compiler error (ICE) in the C++ compiler detected when porting Open Office 2.0.x has been corrected. The ICE occurred when initializing a large, complex static const array needing runtime results from template functions. (ID: 534043:2 SLS: ptf9052d) 43. Misused intrinsic APIs generate lame diagnostic -- At times brief compilation tests are performed by configure scripts and the like which produce executables which are never intended to be run. As such they may try to "get away" with incomplete calls, such as the following for memset: int main(void){return memset();} Unfortunately this would result in strange diagnostics like "no actual for asm formal: y". This fix changes the compiler so that it will not issue such complaints unless the ASM function code is actually present in the compilation unit. (ID: 534158:1) 44. Compiler should warn about unusual _Bool bit field sizes -- The C compiler is updated to warn when it sees the declaration of a boolean bit-field with a width of more than one bit. (ID: 534130:1) 45. Dropped padding in automatic aggregate initialization -- In certain initializations of automatic (stack) aggregates, the C compiler (prior to this fix) would leave insufficient space for the part to be filled in at runtime. (ID: 534212:1) 46. Problems found running PlumHall test suite -- For strict C90 conformance, when compiling -Xc mode the C compiler will take a //* character sequence as being a division operator followed by the start of a comment instead of being just the start of a //-style comment. It will warn when doing so as this is a change in behavior, albeit a very minor, dusty corner case. Also, the simplest style of compound literal, like (int){2} was broken by a recent repair. This problem has been corrected. (ID: 534226:1) 47. Assembly optimizer erroneously deleting some 3 operand SHLDL instrs -- A bug in the assembly language code peep-hole optimizer, where a three operand SHLDL instruction may be removed erroneously, has been fixed. (ID: 534233:2) 48. cc/CC should automatically pass -$ to acomp for .S file preprocessing -- The cc and CC commands now preprocess .S files so that a $ is a valid identifier character, as it is commonly used as such in assembly code. (ID: 534092:1) 49. Buffer overflow - instruction line - symbolic info and C++ template functions -- The disassembler (dis) may encounter a local buffer overflow when adding symbolic information (-s option) to local branch instructions if the the C++ template function signature is very long. This can occur with a large number of arguments of template class types. The problem has been fixed. (ID: 534579:2) 50. ld can overlay hidden objects in bss when creating relocatable object file -- If ld was used to create an object file from a collection of other object files, some of which included uninitialized static storage (BSS), and name visibility (-B hide or -B export) is applied, then (prior to this fix) some of these BSS symbols could end up assigned improper addresses. (ID: 533672:1 SLS: ptf9052b) 51. application dumps core with ptf9052 linker -- Fixed a problem introduced in ptf9052b which caused ld to allocate and assign improper addresses to some uninitialized static data (BSS) variables when building shared libraries and using name visibility control (-B hide or -B export). (ID: 534100:2) 52. nm - nullptr dereference on many C++ object files -- This fixes a null pointer access bug present when nm was used on ELF files with STV_EXPORTED symbol visibility present. (ID: 534167:1) 53. SVR5 curses unable to draw vertical or horizontal lines on ansi VT screen -- The SVR5 ABI hline() and vline() curses APIs were fixed so that they use the line-drawing characters on ANSI screens. (ID: 534175:2) 54. optim bug causes driver panic -- A bug in the assembly code optimizer logic was corrected where it eliminated certain register-to-register MOV instructions erroneously believed to be redundant, resulting in the loss of a CSE (common subexpression) value in a register. (ID: 533819:2) 55. Loop unrolling breaks updated sed's ycomp() -- The assembler peep-hole optimizer (/usr/ccs/lib/optim) may, on rare occasions, incorrectly remove the "testl" instruction on a loop where the loop-variable is progressing to zero and a previous optimization replaced the decrement (DECL) instruction with an equivalent instruction that does not affect the condition codes. This problem has been corrected. (ID: 533839:1) 56. Optim malloc loop exhausts memory -- A memory allocation logic problem which could result in the exhaustion of available memory has been fixed in the assembly peep-hole optimizer. (ID: 534250:2) 57. Special symbol __libC_init for RRTLD is not visible in libC.so.1 -- The special symbol to denote that libc.so.1 is one of the system libraries where the initialization order is important was not properly exported. An updated libC.so.1 runtime is provided for both the SVR5 and OSR5 ABIs (ID: 534205:1) 58. Missing API - madvise() implied in sys/mman.h -- To aid in porting open source code, the UnixWare C library now contains madvise() and posix_madvise() APIs. (ID: 533578:1) 59. Missing NSS modules routinely reported in syslog -- The NSS switching code in the C library will no longer log system diagnostic warnings when an NSS module does not exist in the /usr/lib/nss directory. (ID: 533825:1) 60. wcsrtombs(NULL,...) with bogus code value other than first seg faults -- A bug was fixed where if wcsrtombs() was asked to compute the length needed to hold a wide character string (a null pointer is given as the destination) and the incoming multibyte string contains an invalid code somewhere other than at the string start, a segmentation fault would result when it attempted to write using the null pointer. (ID: 534135:1) 61. nsdispatch() fails to clear "unreg" member for nonexistent modules -- A bug was fixed in the C library in which a segmentation fault could occur within NSS processing, but only when a /etc/nsswitch.conf file exists and is later modified. The only known program affected was /usr/lib/saf/ttymon. (ID: 534239:1 SLS: ptf9052h) 62. NSS issues -- The NSS switching code in the C library was modified so that it will no longer log system diagnostic messages for missing "initgroups" APIs, nor will it fail to walk through all the available database entries when using the getXXent() or getXXent_r() routines. (ID: 534276:1 SLS: ptf9052h) 63. strftime() on OSR has %s extension, UW should match it -- For compatibility with OpenServer, the SVR5 strftime() routine now supports %s, for "seconds since the Epoch". (ID: 534396:1) 64. Enable optional RTLD features for cross GWXLIBS build -- The dynamic linker, also known as RTLD, has been extended to support the following features: 1. The environment variables LD_PRELOAD and LD_INSERT used to specify additional shared libraries to be loaded into processes. 2. The environment variable LD_ROOT used to prefix the start of full pathnames when looking for shared libraries. 3. The control file /etc/default/rtld which can be used to provide values for LD_LIBRARY_PATH and other environment variables (other than the LD_TRACE... ones) which will NOT be skipped for setuid-on-execution processes. Note that the /etc/default/rtld variable names do not include the LD_ prefix. (ID: 534109:1) 65. UW714 MP3 ld not handling g++ static array initialization stubs in RT .fini & .init -- Cause ld *not* to create text relocations for the special "init" and "fini" array symbols referenced from the crti.o object file. In practice, neither cc nor CC will currently generate any code which uses this feature, but someday they might (or other compilers might). Text relocations generally are "just" a mild performance hit as they require temporarily changing the read-only text segment to be made writable to perform the relocations, but when these binaries are used on OSR5, they can have a more unfortunate effect of causing them to fail at startup as sometimes the OSR5 kernel refuses to permit such temporary permission changes. (ID: 533638:1) 66. Add shell-style patterns to lists of symbols in ld -- The ld command is enhanced to take shell-style patterns as well as regular symbol names in all of the various -B options. For each one that accepts a "list" or "symfile", one can now cover all symbol names that match the list of symbol name patterns. (ID: 534216:1) 67. /usr/bin/javaexec updated to support J2SE 5.0. -- The /usr/bin/javaexec command, used by the kernel to control Java VM invocation for first-class executables, has been updated to handle J2SE 5.0 Java classes. (ID: 534029:1 SLS: ptf9052d) 68. Update mcs to generate correct binaries -- The strip and mcs ELF (object file) utilities have been updated to take into account the presence of the gABI grouping feature. See SHT_GROUP and SHT_SYMTAB_SHYNDX which are found in the elf.h header. (ID: 533854:3) 69. OSR5 applications running on UW7 use more file descriptors than when running on OSR5 -- Allow MAP_ANONYMOUS for all processes, including those running OSR5-ABI programs, in order to eliminate extra opens of /dev/zero by the runtime linker, thereby keeping file descriptor usage by OSR5-ABI programs running on UW7 similar to the usage when running on OSR5. (ID: 534174:3) Drivers 70. System hangs in asyc driver on UW714MP3 -- Eliminate system hangs that can occur when serial lines are in use. (ID: 534127:2) 71. Cannot idbuild a new kernel after upgrade to uw714mp3 -- A bug introduced in MP3 was repaired which sometimes caused the kernel to fail to be able to be rebuilt after a driver change. As part of the changes, the following now occurs: o The standard error output of idinstall is put in a log file, and o The log files are kept in the regular /var/sadm/install/logs directory. NOTE: MP3 was re-released in May, 2006 to fix this one bug. (ID: 533587:1) 72. Process Intel's e1008g 9.2.6 NIC handoff -- The Intel e1008g NIC driver has been updated to version 9.2.6. (ID: 534141:2) 73. Reset doesn't work on Legacy free BIOSes -- Fixed soft reboot on some servers with a legacy free BIOS. (ID: 533504:2 SLS: ptf9052) 74. Combined IDE mode does not work on HP servers -- Added full support for Intel ide ICH Enhanced and Compatibility Mode. (ID: 533413:3 SLS: ptf9052) 75. Iomega Rev changer not recognized correctly by USB -- Recognize Iomega REV changer by not caching INQ across LUNS. The USB stack now recognizes the changer component of the REV 280 and REV 560 autoloaders. (ID: 534075:1) 76. Incorrect mode for USB printers -- An issue was addressed, where cups may not work properly with USB printers. This was caused by incorrect permissions on the /dev/usblp-* and /dev/usb_prnt* nodes. The permissions have been changed to root as owner, lp as group, and with mode 0660 to work properly with cups. This correction has also been reflected in a new version of the udisetup program. (ID: 534563:1) 77. usbprobe command is not installed -- A usbprobe command has been added to help identify USB devices. (ID: 534038:1) Graphics 78. Japanese input method issue -- A bug was repaired that occurred when Japanese characters in dtterm windows were erroneously displayed after the window was resized. Prior to this fix, the user needed to press the enter key to correct the displayed characters. (ID: 531471:2 ESC: erg712806) 79. kinput2 crashes under certain circumstances -- In some situations when using the kinput2 input method, some applications like Mozilla could cause kinput2 to die when a pop-up window was present and had focus but another window was to be used. kinput2 has been repaired so that it appropriately changes the graphical focus in such circumstances so that it no longer dies. (ID: 532284:2 ESC: erg712847) 80. Japanese Input method sometimes does not receive control characters -- A bug was repaired in which the kinput2 Japanese input method sometimes would mistakenly fail to receive control characters typed for it. (ID: 533547:2) 81. Application using Japanese Input Method crashes under certain circumstances -- At times applications using the kinput2 Japanese input method would die with an internal fault due to a mistake in the event handling code within the input method. The error has now been fixed. (ID: 533547:3) 82. Japanese kinput2 Input Method exits when input window is explicitly closed -- Applications using the kinput2 Japanese input method could suffer premature shutdown when a transient window was closed other than through keyboard input. This problem has been fixed. (ID: 533547:4) 83. Added new resource to control Input Method status line display -- A StatusLineBC resource has been added to the Motif library to make it possible to have the input method's status line displayed only when activated (such as after typing shift-space when using the kinput2 Japanese input method) and disappears again when not active. (ID: 533991:1) 84. Cannot display Japanese character if text color is changed -- A bug was repaired in the kinput Japanese input method where after a color change, both the fore- and background colors of text where changed, causing the text to become unreadable. (ID: 532242:2 ESC: erg712844) 85. libXm.so.1.3 - List.c - not redrawing list when valid mouse wheel scroll -- The Motif (1.3) library was updated to support scrollable list adjustment by using the mouse scroll wheel. This specifically makes such available for Java. (ID: 533978:3) Kernel 86. Increase clock frequency to allow fine-grain user control for multimedia apps. -- The clock interrupt frequency is now configurable using a new boot parameter KHZ. KHZ can be set to be 100 (the default, for full compatibility) meaning 100 clock ticks per second, 200, 500, 1000, or 2000. Outside the kernel, only the setitimer() system call is affected by changing the KHZ setting. By setting KHZ to a higher value, setitimer() will present a finer granularity, providing help to those applications, such as multimedia ones, that can make use of such. (ID: 533870:1 SLS: ptf9052e) 87. Hot removal of devices may panic kernel in certain circumstances. -- Fix problems that may cause a kernel panic after hot removal of a USB device. (ID: 533714:2) 88. Set default clock tick value to 100 rather than 1000 -- Ensure that the compatible value of 100 for the new boot parameter KHZ is what is used by default. (ID: 534165:1 SLS: ptf9052g) 89. Some platforms may lock up when hyperthreading or multicore support is enabled. -- 1. Add support for "hybrid" ACPI/MPS system initialization, required on some platforms when hyperthreading or multicore support is enabled. Hybrid ACPI/MPS system initialization takes processor information from ACPI BIOS tables and all other platform information from MPS BIOS tables. Specifying "ACPI=X" in /stand/boot or at the interactive boot prompt enables hybrid ACPI/MPS initialization when hyperthreading or multicore support is also enabled. Hybrid ACPI/MPS initialization should be enabled only if the default full-ACPI based initialization fails. 2. Implement dynamic PCI interrupt assignment to fix interrupt related problems seen on some platforms when hyperthreading, multicore, and/or ACPI are enabled. Observed problems included excess interrupt activity, poor device response, and device timeouts. 3. Allow override of kernel algorithms for sorting the processors listed in ACPI BIOS tables through the use of the new LAPIC_SORT parameter. This is necessary on some platforms to ensure that all logical processors can be used even if the ACPIS BIOS tables does not list them in the proper order. Specifying "LAPIC_SORT=Y" in /stand/boot or at the interactive boot prompt will cause the kernel to reorder the processors listed in the ACPI BIOS tables; "LAPIC_SORT=N" disables that reordering. If LAPIC_SORT is unspecified, then the kernel uses its own internal algorithm to determine whether to reorder the processors listed in the tables. (ID: 533926:2 SLS: ptf9052d) 90. increase default thread stack size -- The default thread stack size was increased from 16k to 64k, the better to match common expectations of open source code. (ID: 534663:1) 91. libthread setcontext() garbles signal (blocking) mask if mask was not to be restored -- A libthread bug has been repaired, in which it caused the signal mask inappropriately to be changed to block most signals when a thread used sigsetjmp()/siglongjmp() and had requested that the signal mask NOT be saved. (ID: 534701:1) 92. System panics in VxFS code. -- A VXFS-related kernel panic was fixed. (ID: 534067:3) 93. Add AGP GART support -- Add AGP GART support in the kernel. (ID: 534017:1) 94. Panic occur if I use 640MB MO disk as dosfs filesystem -- Panic on dosfs filesystem for 640MB MO disk drive has been fixed. (ID: 534171:2) 95. Application fails to open more than 60-70 files for ISAM -- An kernel error was repaired in handling the OSR5 ABI sem/msg/shm system call families in which an EOVERFLOW error was returned instead of processing the request. (ID: 534061:3) 96. panic in put from strdaemon -- A race condition bug that could cause a kernel panic has been repaired. The race was between a TCP endpoint being simultaneously closed and aborted. (ID: 534173:3) 97. Processor cores not enabled on some platforms -- Fixed three problems related to multicore and hyperthread support: 1. The OS sometimes failed to recognize some processor cores because of mishandling of the LAPIC_SORT boot parameter. Previously, the LAPIC_SORT boot parameter erroneously defaulted to NO and setting it to YES has no effect; it now defaults to YES. 2. The number of available processor cores may be cut in half on systems on which the processor supports hyperthreading but on which the BIOS has hyperthreading disabled. 3. An error in the processor licensing check could prevent some processor cores from coming online even when the system had the requisite processor licensing. (ID: 534338:3) 98. condition in the unixware kernel where a null pointer is dereferenced and a function pointer is call -- A kernel bug was repaired in which a null pointer can be dereferenced due to mishandling of an mmap() system call error case. (ID: 534346:2) Installation 99. System console is sometimes non-functional after first reboot -- A kernel bug was repaired in which a file that should have been a "named pipe" is instead taken to be a character device. This very unusual situation only occurred when an inode number was first used for /dev/udp or /dev/tcp, then deleted, and then reused for a named pipe. (ID: 533770:4 SLS: ptf9052c) 100. installsrv doesn't handle /upd.additions packages in datastream format -- Updated /usr/sbin/installsrv to handle installation cdrom /upd.additions packages in datastream format in addition to filesystem format. (ID: 533771:1) 101. Some platforms may panic if 5 option cards are installed. -- Eliminated a NULL pointer dereference in a low-level kernel-to-BIOS interface routine that resulted in kernel panics under certain conditions, including when five or more option cards were installed on some platforms. (ID: 534773:2) 102. pam_mkhomedir added to ptf9052g for UnixWare 7.1.4 Samba Supplement -- The pam_mkhomedir module enables an administrator to create a user's home directory the first time they log into a particular system. This is useful with a centrally administered user database (IE: LDAP). It obviates the need for a distributed file system, or manually creating local home directories for users that may never actually use them. (ID: 534014:3 SLS: ptf9052g) 103. Add modjk to UnixWare 7.1.4 MP CD and remove modjk1 -- UnixWare 7.1.4 MP4 provides the modjk package for the first time. modjk replaces the earlier modjk1, "mod_jk2 for Apache 1," package. The modjk1 package (version 2.0.4) was introduced in UnixWare 7.1.4 MP1 and provided in UnixWare 7.1.4 MP2 and MP3. If you select to install the modjk package, install.sh (when invoked without options) prompts whether to remove modjk1 or to skip installing modjk. (ID: 534712:1) 104. MP Install: Move install.sh Mozilla prompt to up-front interview instead of midway through install -- install.sh is updated to do all prompting upfront instead of providing a Mozilla prompt halfway through the MP pkgadd install process. (ID: 534713:1) 105. install.sh did not display some package long names -- Previously the UnixWare 7.1.4 MP install.sh script replaced greater than 47 characters package long names with the package short name. Now install.sh displays the first 43 characters followed by " ...". (ID: 534714:1) 106. uw714mp[34] install.sh pkg installs fail if original 7.1.4 install did not install prereqs -- install.sh now checks whether the inet, jpeg, urwfonts, glib, gtk, or libIDL from the original UnixWare 7.1.4 media is needed for your package selection but are not installed. If so, you can select to have install.sh install the missing prerequisite. Note: These prerequisite packages are always installed by ISL and should not be pkgrm. If you pkgrm any of these packages then you may encounter MP4 pkgadd failures due to missing prerequisites: acp base ed els expect fmli libC libc libm libosr libthread ls modem mouse netmgt nsu openssh openssl openssld perl5 scoadmin syshead tclrun terminf uccs udidk udienv usb vtclrun zlib update714 (ID: 534715:1) 107. uw714mp4 install.sh enhancements -- The UnixWare 7.1.4 MP install.sh script was enhanced to handle a plethora of installation permutation options. Among the changes are: 1. More consistent per-package menu screens (e.g., Mozilla 1.2.x upgrade screen). 2. A screen offering the user the option to skip the package selection screens (default values are used). Per-package prompts are still displayed. 3. Fully installed packages are not displayed on the installation selection screens. This makes it clear which packages are available on the UnixWare 7.1.4 MP CD that you may want to install. (You can stiill use install.sh to overlay the current version of a package on top of itself. Simply run "install.sh pkgname".) 4. install.sh's concluding status message now shows SKIPPED (not offered for installation since this or an earlier version is already installed) packages before the just installed packages and any package installation failures. This helps ensure that the installed package list does not scroll off your screen. 5. The mpdoc package is only selected for installation if the current version is not already on the system. Previously the package was always selected resulting in unneeded reinstallations. (ID: 534817:1) 108. Additional uw714mp* install.sh performance, usability, and edge case handling improvements -- 1. In general noninteractive MP4 installs (install.sh -n) are discouraged. This option is intended for replicated servers where an interactive install was first done on a test server. To avoid accidentally using the -n option, a message is displayed and the user is given a short period of time (15 - 20 seconds) to abort the installation. 2. If a 1.2.x version of Mozilla is installed, install.sh in interactive mode asks if it can be removed (if you answer no then the new Mozilla version is not installed). In non-interactive mode the old version is removed and the new version is installed. 3. If the deprecated modjk1 is installed then, by default, install.sh selects modjk. In interactive mode you are prompted whether to keep the old modjk1 or upgrade to the new modjk. In non-interactive mode the old modjk1 is removed and the new modjk is installed. 4. In interactive mode a new menu screen is displayed asking if you want to review and/or change the default package selection. The package selection screens are then displayed only if you request this at the initial prompt. (ID: 534841:1) Networking 109. system panic at dlpi_send_iocack+d -- A panic condition fixed in dlpi module. (ID: 532999:3 ESC: erg712943) 110. rx stats (mac_no_resource) get reported as tx (netstat oerrors) -- The transmit errors were incorrectly reported as receive errors and vice versa for several media types. (ID: 533656:1) 111. ftp daemon does not allow site umask commands -- Fixed the ftp daemon so that SITE commands other than LANG (such as umask) will work again. (ID: 534179:1) 112. arp bug with MAC address changes for IP sharing dual port NICS -- A bug was repaired in which ARP messages were not printed correctly when the MAC address of an existing arp entry was changed. (ID: 533779:1) 113. linux NIS slave cannot login NIS users with passwords > 8 characters from UW714 master -- The PAM (Pluggable Authentication Method) module for regular password authentication for NIS users has been fixed to do encryption compatible with UnixWare's behavior prior to PAM's introduction. (ID: 534027:1) 114. accept() doesn't handle O_NONBLOCK correctly -- A bug in the kernel was repaired so that poll()/select() now behave according to The Open Group specifications when the socket is listening and nonblocking. (ID: 533560:2) 115. Extra defines needed in in6_f.h -- Add additional defines referencing 16-bit and 32-bit equivalent of IPv6 address to allow build of open source modules. (ID: 534541:1) 116. accept() does not set sockaddr's sa_family field to AF_UNIX -- Set length and family in the return address of the accept system call for UNIX domain sockets. (ID: 534555:1) 117. Add IGMPv3 support -- Preparatory changes for IGMPv3 in future release. (ID: 534129:1) 118. Send an ACK if many small-packet size data are received -- Send an ACK if all queued data consisting of very small packet size is processed regardless of whether delay-ACK is enabled. (ID: 518838:4) 119. Kernel panic in tcplrput() function -- A kernel bug that could cause a panic was repaired which occurred when prematurely reusing TCP minor numbers when a connection was simultaneously being shutdown. (ID: 534203:3) 120. small final segment TCP packets are not processed correctly -- Avoid miscalculating checksum for the last segment in a multi-segment transfer when it is less than 8 bytes. (ID: 534293:4) 121. in.dhcpc has the word "rejected" misspelled twice as rejected. -- Fix typos in log output from in.dhcpc. (ID: 510601:1) 122. Enable distribution of shadow entries via NIS -- Added NSS and NIS-ized support for "shadow" database and its associated APIs. (ID: 533730:2) 123. dlpid does not failover to chain of NICs, nor share backups, mismatching our doc -- Following new features are added/updated related to failback/failover of NICs - - A NIC can be configured as the backup of one or more than one NICs. - Backup of a backup NIC can be configured. - Protocol Information of a backup device can be viewed. - The main tree gives more backup NICs info. - Updated for features - "Switch to backup" & "Revert to primary". - Updated for removing primary/backup devices. (ID: 529245:6) 124. Receipt of improperly formed LLC XID packets and TEST frames may cause memory leaks. -- Fixed a bug in the dlpi driver to prevent streams memory leaks that could occur when improperly formed LLC XID packets were received from some routers, and a similar bug caused by receipt of improperly formed LLC test frames. (ID: 533862:3) 125. Update SendMail -- Sendmail has been updated to version 8.13.8. (ID: 534095:2) 126. setacl and getacl commands obtain user and group information from local files only, -- Enable setacl and getacl to access user and group information from sources other than /etc/passwd and /etc/group. For example, if NIS is enabled, setacl and getacl will recognize user and group names provided by the NIS server, even if such names are not locally defined. (ID: 533532:1) 127. "ps -f" does not convert numerical UIDs to NIS user names -- For a system set up with reasonably dynamic user accounts (such as NIS), the cached UID-to-login name mapping saved by the ps command could end up without displaying a login name for a newish UID. ps has been changed so that it will now regenerate its mapping information when it finds that what it has cached is out-of-date. (ID: 533533:1) 128. bug in /usr/lib/ns.so.1 causes program to core dump -- Threaded programs that call some getXXent APIs but not ones from *both* passwd and group will no longer core dump due to a segmentation fault in /usr/lib/ns.so.1, the dynamic shared library which provides NIS-based passwd and group lookups. (ID: 533620:2 SLS: ptf9052) 129. netstat -ian does not show the correct number of multicast addresses -- The kernel was updated to provide for larger valued number of multicast addresses for netstat to display. (ID: 533900:3) Operating System 130. Enhanced sysconf to determine the number of physical CPUs -- A new parameter _SC_NPROCESSORS_PHYS is added to sysconf(3C) to return the number of physical CPUs. (ID: 533461:1 SLS: ptf9052) 131. include latest sysinfo updates in next MP release -- The sysinfo utility was updated to collect additional information, including ODM, ReliantHA, SCO Office, and Hipcheck optional services information. (ID: 534247:1) 132. Australia has changed its switch from DST this year and we need to cater for it -- The timezone database was updated to include all the recent changes in various countries, including the US and Australia. (ID: 533648:2 SLS: ptf9053 version a) 133. Australia/New Zealand timezone rules need to be updated -- The compiled timezone files (under /etc/TZ) have been updated to match the rules as of the end of March 2008. This includes the latest Australia and New Zealand changes. (ID: 534795:1) 134. Port libreadline 5.1 -- readline 5.1 is provided in readline package. (ID: 533996:1) 135. No longer enforce licensed number of CPUs -- Updated the licensing daemon /etc/sco_pmd to no longer enforce a limit on the number of CPUs. (ID: 534688:1) 136. manage_sendmail does not restart /usr/lib/sendmail -- The /etc/mail/manage_sendmail utility now correctly stops and restarts sendmail after (re)generating the configuration file. (ID: 534844:1) 137. Port cups-1.3.3 -- UnixWare 7.1.4 MP4 updates CUPS to version 1.3.3. Prior UnixWare 7.1.4 releases provided variations of version 1.1.19. (ID: 534544:1) 138. lpnet hang when printing to Microsoft XP BSD server (jsb multiview) -- Some memset calls fixed in lpNet. (ID: 533649:2) 139. Account locking feature not working on MP3 with ptf9052g installed -- The previously disfunctional -l option to passwd (lock the account) has been repaired. (ID: 534181:1) 140. chmod 444 /etc/openldap/ldap.conf to avoid NSS_LDAP module assertion failure -- Fixed /etc/openldap/ldap.conf.default to be world readable, so that the actual LDAP configuration file ldap.conf, will be world readable as well. (ID: 534411:2) 141. **panic in vx_ifree_scan_list -- Fixed a race between FS unmounting/deletion and the inode freelist scan routine. This race leads to an inode being removed "twice" from the freelist, thus, causing panic. (ID: 533024:3 ESC: erg712951) 142. Uninitialized variable in dialpass module generates SIGSEGV, causing login failures -- Fixed an uninitialized variable in the PAM dialpass module (/usr/lib/security/pam_dialpass.so) that could cause authentication failures and/or core dumps when trying to access a service configured to use dialpass for authentication. (ID: 534093:1 SLS: ptf9052f p534093) 143. pam_unix module free()s live data -- The PAM unix module pam_acct_mgmt() routine could end up freeing part of a live data structure potentially causing later misbehavior in processes using PAM. (ID: 534267:1 SLS: ptf9052h) 144. USB/EHCI performance unnecessarily constrained -- The performance of high speed USB (EHCI) devices has been significantly improved. (ID: 534090:1) 145. Add SCOoffice Server 4.2 licensing definitions -- Added the SCOoffice Server 4.2 base and user bump definitions for the scoadmin License Manager. (ID: 534194:2) 146. drv_callback does not handle NMI -- Provide correct routing of non-maskable interrupts (NMIs) when hyperthreading, multicore, and/or ACPI are enabled. (ID: 533969:2 SLS: ptf9052d) 147. mount command can hang on trying to mount a cdrom with no media inserted -- Fixed an occasional hang of the mount command when trying to mount a cdrom with no media inserted. (ID: 534420:2) 148. lock error in adst70 driver causes panic under kstuff kernel -- Fixed lock hierarchy violation issues in adst70 and adpu320 driver. (ID: 534036:3) 149. Enhance USB code to handle hardware stalls -- The kernel's USB support code has been enhanced to better deal with certain hardware which inappropriately (according to the USB specification) stalls in configuration cycles. The support code will now retry a few times when it believes it has detected this situation, which appears to be good enough to work around these hardware failings. (ID: 532626:3) 150. Temporary keyboard lockup immediately after VT switch or num lock/caps lock/scroll lock -- Modified the system behavior so that, by default, it will attempt to determine at runtime whether or not an 8042 keyboard/mouse controller is present, rather than assume one is present. Autodetection of the 8042 improves system response on platforms which lack an 8042 controller, and in particular, avoids temporary keyboard lockups that can occur on such platforms immediately after certain keyboard operations such as VT-switches or pressing the Caps Lock key. The system's treatment of the 8042 controller can be modified by changing the value of the variable i8042_detection in /etc/conf/pack.d/ws/space.c and then rebuilding and rebooting the kernel. If i8042_detection is initialized to 1, which is the default, then the operating system detects the presence or absence of an 8042 controller at runtime. If i8042_detection is initialized to 0, then the system bypasses the runtime detection and always acts as if an 8042 controller is present. If i8042_detection is initialized to -1, then the system bypasses the runtime detection and always acts as if an 8042 controller is not present. (ID: 534034:2 SLS: ptf9052d) 151. replacing the mirror root disk using vxdiskadm broken -- Fixed replacement of failed disk in mirrored setup issue for Vertias Volume Manger(VxVM). (ID: 533912:2) SCOAdmin 152. scoadmin account & SCOoffice 4.2 install hang when AFPS & Samba both installed -- A hang was fixed in the scoadmin account manager object service agent (OSA) that occurs when the UnixWare 7.1.4 MP3 Samba Supplement (or Samba included with UnixWare 7.1.4 MP4) is installed on a system with SCO Advanced File and Print Server previously installed. (ID: 534786:1) Security 153. SECURITY: BIND 9: cryptographically weak query ids -- BIND was upgraded to version 9.4.2. The upgrade removes dnssec-signkey and dnssec-makekeyset commands. (ID: 534372:2) 154. SECURITY: SCO UnixWare pkgadd Directory Traversal Vulnerability - CVE-2008-0310 -- A security vulnerability with the UnixWare pkgadd utility was repaired. (ID: 534589:3) 155. SECURITY: CVE-2006-1173 sendmail DenialOfService security problem -- Sendmail could allow a remote attacker to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. (CVE-2006-1173) (ID: 534042:2) 156. SECURITY- "/bin/su" takes password from stdin -- The su and passwd utilities have returned to using /dev/tty as the input source for reading password strings in the event that standard input isn't a TTY. (ID: 534132:1) 157. SECURITY: X.Org X server <= X11R6.8.2 arbitrary code execution -- Multiple X Window System server applications share code that may contain a flaw in the memory allocation for large pixmaps. The affected products include the X.Org X server applications. An integer overflow condition may result in a memory allocation request returning an allocated region that is incorrectly sized. The client may then be able to use the XDrawPoint() and XGetImage() functions to read and write to arbitrary locations in the X server's address space. A malicious local authenticated attacker may be able to execute arbitrary code with the privileges of the X server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue. The X server was updated to a repaired version. (ID: 532989:2 ESC: erg712937) 158. SECURITY: iDEFENSE [IDEF10098] Setuid ptrace Local Privilege Escalation Vulnerability -- A bug in which the ptrace() system call could be used to gain root privilege has been repaired. (ID: 533176:3) 159. SECURITY: libpng denial of service vulnerability -- Fixed possible Denial of Service attack for malformed (bad CRC) gray scale PNG image. (ID: 534272:2) 160. SECURITY: A race condition in Sendmail may allow a remote attacker to execute arbitrary code -- A bug has been repaired in which sendmail could allow a remote attacker to execute arbitrary code as root, caused by a signal race vulnerability. (CVE-2006-0058) (ID: 533700:2) 161. SECURITY: CUPS xpdf Multiple Buffer Overflow Vulnerabilities -- [SCOSA-2006.20] Some vulnerabilities have been repaired in CUPS, in which a denial of service attack was possible, by exploiting a vulnerable version of Xpdf. (ID: 533446:2) 162. SECURITY: Samba multiple issues -- Deliver Samba 3.0.24 with security patches. (ID: 534269:2) 163. SECURITY: Need fix for CVE-2006-4924 OPENSSH DENIAL OF SERVICE VULNERABILITY -- Openssh has been upgraded to version 4.6p1 (ID: 534336:2) 164. SECURITY: ESP Ghostscript 7.x -- Fixed insecure temporary file creation vulnerability. (ID: 533156:2) 165. SECURITY:FreeBSD has issued an update for tcpdump. This fixes a vulnerability, -- Fixed buffer overflow vulnerability for BGP packets in tcpdump. (ID: 534384:2) 166. SECURITY:OpenSSL's implementation of RSA may contain a vulnerability that could allow an attack -- Fixed RSA security vulnerability in OpenSSL. (ID: 534381:2) 167. SECURITY: Mozilla Multiple Vulnerabilities -- Previously, the security issues addressed/fixed by Mozilla.org with the release of Mozilla 1.7.13 on the SCO support web-page. That web released package of Mozilla 1.7.13 is included in the UW 7.1.4 MP4 support release. (ID: 533769:5) 168. SECURITY Mozilla updated to 1.7.13 -- The Mozilla browser has been updated to version 1.7.13. (ID: 532747:1 ESC: erg712883) 169. SECURITY: libcurl URL Parsing Vulnerability -- [CVE-2005-4077] Due to a bug in libcurl's URL parsing code, it was possible to cause an internal buffer overflow, which made it possible to corrupt some memory allocation structures. This bug has been repaired. (ID: 533390:2) 170. SECURITY: MySQL user defined function buffer overflow -- [SCOSA-2006.18] Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allowed remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. MySQL was prone to a buffer overflow vulnerability here. There were insufficient bounds checks of user-defined function argument data. This issue could have been exploited by a database user with sufficient access to create a user-defined function. It may also have been possible to exploit this issue through latent SQL injection vulnerabilities in third-party applications that used the database as a backend. Successful exploitation would have resulted in the execution of arbitrary code in the context of the database server process. The newer MySQL versions do not suffer from this vulnerability. (ID: 533383:2) 171. **SECURITY perl Multiple issues -- perl and perlmods were updated to version 5.8.8 in the UnixWare 7.1.4 Samba Supplement. (ID: 531489:2 ESC: erg712810) 172. SECURITY:integer overflow vulnerability exists within the handlers for the X font server. -- Fixed interger overflow vulnerabilities in X which could compromise the security of the system (ID: 534522:4) Other Fixes 173. Extra "info" link in readme.htm -- Links in the /info readme.htm file are now relative to the CD /info directory instead of the CD root directory. (ID: 534845:1) 174. UW71x:After my kernel was compiled it complains of pcicinit pccard/_drv.o errors -- Under certain circumstances, the current state of the pcic driver is not maintained across the update installation. This issue has been fixed. (ID: 533593:1) 175. Meaning of + and - in GMT-based timezones are reversed in ptf9052e and ptf9052f. -- Restore compatibility of GMT-based timezones (TZ environment variable values) such as :GMT-5 or :GMT+8 on systems with ptf9052 version e or f. Also introduce POSIX-compliant timezones of the form :Etc/GMT[+-]#. For UnixWare 7.1.4 without ptf9052 version e or f, timezones of the form :GMT+# are # hours east of GMT while those of the form :GMT-# are # hours west of GMT. ptf9052e reversed the sense of +/- in these time zones in order to comply with the POSIX standard, which specifies that +# means # hours *west* of GMT and -# means # hours east of GMT. This change restores the previous meaning of :GMT[+-]#, and adds new POSIX compliant timezone specifications of the form :Etc/GMT[+-]#. Note that TZ=GMT-5 and TZ=:GMT-5 (for example) also differ in the treatment of the sign and will have a ten hour (twice five) difference. TZ=GMT-5 and TZ=:Etc/GMT-5 agree with each other. (ID: 534160:2 SLS: ptf9052g) 176. NSS support for ia_openinfo() is inadequate for Samba and nss_ldap -- Samba's NSS module has been fixed so that it now finds all the user's supplemental group IDs. (ID: 534113:1) 177. Samba Supplement install results in account manager failure -- Fixed the scoadmin account manager to not result in error when /bin/net is the Samba vs AFPS version. (ID: 534184:1 SLS: ptf9052h) 178. Samba's winbind module is dumping 'compat_r=*' strings into the login output -- This problem has been resolved. (ID: 534224:1) 179. It's possible to inadvertently disables system login ability if openldap or samba is removed -- The openldap and samba package preremove scripts now detect if PAM login module is referenced by a file that the pkgrm won't remove. If so, you are warned and offered the option to abort. We very strongly recommend that you abort the package removal if this warning is displayed. If you receive this warning then you need to update your PAM configuration or immediately (before logging out) install another version of the openldap or Samba package. (ID: 534255:1) 180. pkgrm of samba does not remove swat line from inetd.conf -- pkgrm of samba now removes Samba swat line from the inetd.conf file. (ID: 534264:1) 181. Broken upgrade path from previously shipped 3.0.10 to 3.0.24 from the Samba supplement -- Installing the new version of the samba package automatically copies the existing Samba configuration (if one exists) from the previous release's /usr/lib/samba/lib/smb.conf and /usr/lib/samba/private/* files. The copied files are under /etc/samba. For your convenience, symlinks for the binaries and the smb.conf file are left in the old /usr/lib/samba locations. However, if your prior configuration specified any alternate or additional configuration files (e.g., a usermap file), they need to be copied separately. Also note: If the new Samba version is removed then your current configuration will not be restored to the previous /usr/lib/samba/lib location. When downgrading, administrators are advised to backup all configuration files before removing the new samba package. (ID: 534368:1) 182. Enable cups support in Samba. -- Samba is now configured to enable cups support. (ID: 534438:1) 183. SWAT dies when defining shares -- This problem has been resolved. (ID: 534518:1) 184. smbldap-tools internal documentation flawed -- Changed the following lines in the usage clause. From: -N surname -S family name To: -N familiar name -S surname To avoid confusion, and display the correct usage. (ID: 534576:1) 185. new ssh connections trigger synchutmp activity -- A bug was repaired in ssh which it caused the "classic" utmp/wtmp login-record files to get out of synch with the "modern" utmpx/wtmpx login-record files. The bug mostly just caused warning notices to be posted to the operating system message log, /var/adm/log/osmlog, every time a user logged in via ssh. (ID: 533686:1) 186. Cannot log in using ssh -- The pam_lastlog module now creates /var/adm/lastlog file if it does not exist. (ID: 533724:2 SLS: ptf9052b) 187. First attempt to log in using ssh is denied -- Fix a bug in the pam_lastlog module's open session function which sometimes caused a failure the first time a user logged in to a system using ssh. (ID: 533724:3) 188. mktemp utility -- The mktemp utility is part of the UnixWare 7.1.4 Maintenance Pack 4. (ID: 533616:1 SLS: ptf9052) 189. Packaging issues with the recently released MySQL 5.0.19 -- Prototype file cannot include relative symbolic links. Modified prototype file. (ID: 533822:1) 190. OpenLDAP binaries moved, and symlinks added -- The slapd and slurpd binaries have been moved from /usr/libexec/ to /usr/sbin/, and symlinks, pointing to the appropriate new locations, have been left in the place of the old binaries. (ID: 534227:1) 191. OpenLDAP upgrade does not work. -- A warning screen has been added to install.sh that any existing OpenLDAP database data needs to be backed up before the upgrade and then restored following the upgrade in order for the data to remain accessible. (ID: 534369:3) 192. mysql "repair table operation fails with EFBIG -- For compatibility with other systems, LFS-ized variants on the mkstemp() routine are now provided by the C library. mkstemp() and mkstemp64() open the temp file with large file permission whereas mkstemp32() does not. (ID: 534671:1) 193. problems with web posted modjk-1.2.25-02.pkg package -- The modjk version 1.2.25-02 postinstall and postremove scripts had minor bugs. The postinstall bug falsely reported an installation failure; the postremove bug prevented package removal. These bugs have been fixed with the modjk version (1.2.25-03) included in MP4. (ID: 534726:1) 194. htdoc index rebuild fails -- The docview indexing operation has been changed to support the creation of larger than 2 Gigabyte sized database files. (ID: 534695:2) 195. Tomcat with Axis fails to shut down completely. Tomcat shutdown.sh script modified to ensure shutdow -- The Tomcat shutdown.sh script has been modified to perform a "kill -9" on the process(es) should normal shutdown fail. (ID: 533909:2) 196. Update the SCOx perlmods for supporting Samba -- The perlmods file was updated from version 5.8.3 to version 5.8.8 in the UnixWare 7.1.4 MP3 Samba Supplement (and in UnixWare 7.1.4 MP4). (ID: 533999:1) 197. mysql "stop" script doesn't work -- Cannot reproduce in MySQL 5.0.19. The report was lodged against MySQL 3.x and apparently has been fixed since then. (ID: 530138:1) 198. Multiple problems and Feature request for Perl build from Samba -- The perl library file Config_heavy.pl contained references to cross environment commands, not available on a native machine. This could cause problem with perl related builds. The file has been changed to reference the native commands, so this problem should no longer be seen. (ID: 534717:1) 199. Provide Apache Axis 1.2 support in the Tomcat and javasoap packages -- The tomcat and javasoap packages now provide Apache Axis 1.2 support. (ID: 533907:1) 200. Provide pgsql 8.2.6 on UnixWare 7.1.4 MP4 CD -- This problem has been resolved. (ID: 534727:1) 201. NSS ldap module fails to cause buffer grow retries -- When using the NSS ldap module (see /etc/nsswitch.conf) if long enough "passwd" or "group" entries were reached in the ldap server, this module would fail to tell its caller that it needed more space. The general result would be that entry and subsequent ones would be missed. (ID: 534271:1) 202. nss_ldap opensrc code fails to set pw_age struct passwd member -- The NSS LDAP module has been fixed so that it no longer can leave the pw_age and/or pw_comment members of struct passwd unset. (ID: 534343:1) ------------------------------------------------------------------------ §9: Copyrights The following Copyright Notice is required by the lsof command source: /* * Copyright 2002 Purdue Research Foundation, West Lafayette, * Indiana 47907. All rights reserved. * * Written by Victor A. Abell * * This software is not subject to any license of the American * Telephone and Telegraph Company or the Regents of the * University of California. * * Permission is granted to anyone to use this software for * any purpose on any computer system, and to alter it and * redistribute it freely, subject to the following * restrictions: * * 1. Neither the authors nor Purdue University are responsible * for any consequences of the use of this software. * * 2. The origin of this software must not be misrepresented, * either by explicit claim or by omission. Credit to the * authors and Purdue University must appear in documentation * and sources. * * 3. Altered versions must be plainly marked as such, and must * not be misrepresented as being the original software. * * 4. This notice may not be removed or altered. */ ------------------------------------------------------------------------ Document Issued: June 2008 Copyright © 2008 The SCO Group, Inc. All rights reserved.