Dear SCO Customer,

Support Level Supplement (SLS) ptf7446f, the UnixWare 7.1.0 Kernel and
Networking Supplement, which includes many important previously
released SLSs, provides solutions for all of the problems listed below.

SLS ptf7446f newly adds corrections for these issues:

  - udp port bind errors occurred at boot-up, which were introduced by
    changes in the inet driver in ptf7446d.

  - During recvmsg in ss_copy_sockaddr when using connectionless
    AF_UNIX sockets, a panic could occur and the sender would
    disappear.

  - Installation of Oracle 8i (8.1.6) sometimes core dumps, or Oracle
    "svrmgrl" process sometimes core dumps, post-installation.

  - A UNIX 95 Test failure occurred, introduced by the (e,f,g)cvt()
    change in earlier revisions of SLS ptf7446.

SLS ptf7446b addressed these issues:

  1. Systems PANIC in logcons() at logcons+75.

  2. Connections remain in the SYN_SENT state.

  3. When running the inetd stress tests, a lot of connections remain
     stuck in the CLOSE_WAIT state when running netstat.

     PANIC at in_chek_mgmt_que+27

     When running the new inetd stress test, you get a number of
     PANICs that have tcp_itmr_keep() in the stack trace.

     The 'inetd stress test' can cause the box to appear to hang.

  4. After installing ptf7612a, ping -f fails.

  5. The system appears to run out of streams memory.

  6. t_sync does not synchronize some important lib data structures.

  7. If doing an asynchronous connect and you call getsockopt() to get
     the error reason for the connect to fail, you get a random error
     code.

  8. Select returns invalid read status on udp sockets.

  9. NIS name resolution can cause memory corruption for some
     applications, often resulting in random core dumps generated by a
     SIGSEGV. A memory allocation for an internal structure was
     increased to the correct size.

 10. Garbage exists in target ID fields in messages from sd01.

 11. There is an uninitialized variable in tcp_close().

 12. There is an uninitialized return value in tcp_close().

 13. The kernel virtual memory for buffer I/O is temporarily
     exhausted.

 14. t_snd() returns an incorrect TSYSERR and EPROTO error.

 15. A vxfs hang occurs, caused by unlocked read and write locks on a
     file.

SLS ptf7446c addressed these issues:

 16. ptf7446[ab] fails to install on systems with usoftint installed,
     erroneously reporting that update710 needs to be reapplied.

 17. ecvt, fcvt, and gcvt functions used an old underlying routine to
     convert floating numbers to strings, which sometimes caused
     rounding errors.

SLS ptf7446d addressed these issues:

 18. Time stamping causes ip fragmentation.

 19. SLS ptf7069 made inappropriate modifications to udp_open(),
     nullifying fixes in previous versions of SLS ptf7446.

SLS ptf7446e addressed these issues:

 20. The FTP daemon, /usr/sbin/ftpd (based on WU-FTPD), has a security
     vulnerability that could allow unprivileged users to obtain root
     access through use of the "site exec" command. This vulnerability
     is described in CERT advisory CA-2000-13 (see
     http://www.cert.org).

 21. An associated segmentation violation in /usr/bin/ftp occurred.

SLS ptf7446f additionally addresses these issues:

 22. udp port bind errors occurred at boot-up, which were introduced
     by changes in the inet driver in ptf7446d.

 23. During recvmsg in ss_copy_sockaddr when using connectionless
     AF_UNIX sockets, a panic could occur and the sender would
     disappear.

 24. Installation of Oracle 8i (8.1.6) sometimes core dumps, or Oracle
     "svrmgrl" process sometimes core dumps, post-installation.

 25. A UNIX 95 Test failure occurred, introduced by the (e,f,g)cvt()
     change in earlier revisions of SLS ptf7446.

From SLS ptf7401j:

SLS ptf7401j, the In-Kernel Sockets Supplement, provides solutions to
various problems identified with the networking components of UnixWare
7.1.0, in the area of sockets and streams.

SLS ptf7401j corrected these problems:

  1. accept(3sock) errors occur when running proprietary client/server
     application.

  2. OpenServer 5 Netscape binary running on UnixWare 7 generates a
     TCP error.

  3. select() behaves incorrectly on socket after the far end is
     closed.

  4. Support for OpenServer 5 networking binaries is not adequate.

  5. t_open(3xti) calling open on /dev/tcp fails with EAGAIN error.

  6. recv(3sock) incorrectly concludes socket is not a socket.

  7. write() to a streams socket gives an incorrect return status of
     O_NDELAY.

  8. Baan IV application fails to start due to SIGPIPE signal.

  9. UDP streams queue limits are too small for NFS.

 10. select(3sock) may return an exception when there is none.

 11. There are problems with supporting socket semantics on libc
     functions.

 12. The AF_UNIX family is not supported through osocket.

 13. Using dup()'d socket file descriptor confuses recvfrom() return
     address.

 14. Option processing does not check for an invalid level in sockopt.

 15. listen(3sock) on an unbound socket fails with EADDRINUSE.

 16. accept(3sock) errors occur when running Netscape Server with
     Tarantella.

 17. There is pipe filename corruption when using libsocket.

 18. Incorrect matches of AF_INET, SOCK_RAW, IPPROTO_TCP done with the
     netconfig /dev/icmp instead of /dev/rawip entry.

 19. select(3sock) does not return if another thread closes the
     socket.

 20. getsockopt(3sock) can cause segmentation fault when it returns.

 21. UnixWare 7.0.1, with the addition of SLS ptf7038c, causes disk
     mirroring to stop working.

 22. Semaphore problems can occur during socket close.

 23. Constructor does not throw exception on connect(3sock) failure.

 24. truss(1) -p pid hangs.

 25. Processes hang in CLOSE_WAIT state.

 26. Data loss occurs when using kde desktop.

 27. TCP_T_IDLE and TCP_T_KEEP timeouts fail to fire.

 28. TCP/IP retransmit timeouts are too long.

 29. NON_BLOCKING connect(3) returns EINPROGRESS on UNIX domain
     sockets. Now, once the patch is installed,
     "inconfig ss_connafunixndelay 1" will disable this, and will wait
     instead.

 30. select(3) returns with an exception when there is POLLRDBAND
     data. Now, "inconfig ss_selectrdband 1" enables this.

 31. Simple client/server application fails with various errors from
     connect(3) and accept(3) when running on a 4*MP box.

 32. Passing file descriptors fails when compiled with XPG4.

 33. UNIX95 VSU5.0.2 CAPIbase/fclose Assertion 11 fails.

 34. RealNetworks RealAdministrator will not start up. After typing in
     the correct URL for the RealAdministrator, the browser will
     attempt to connect indefinitely without success.

 35. Routine msgscgth(D3str) can panic if more physically contiguous
     regions were present than specified by phys_max_scgth.

 36. Rare case with bind(3sock) routine which may cause spurious
     memory corruptions or system panics.

 37. When a non-blocking connect(3sock) is used, the connection will
     happen asynchronously if the connect() call returns EINPROGRESS.
     During such a connection, read(2), recv(3sock), recvfrom(3sock)
     or recvmsg(3sock) will return ENOTCONN until the connection
     succeeds or fails. In the case of failure, the call would return
     0 when it should return the failure message (typically
     ECONNREFUSED).

 38. Possible trap E panic in tcp_itmr().

 39. When using recvmsg(3sock) to receive control data in XPG4 format
     on a datagram message, with either an IP_RECVOPTS or
     IP_RECVDSTADDR socket option set, recvmsg() returns -1 and sets a
     typically invalid error number.

 40. Possible PANIC in in_memcmp() called by rt_output() in router.

 41. Installation of previous versions of ptf7401 caused Legato
     Networker to suffer RPC bind errors when running its utility
     processes.

 42. These warning messages were logged on importing the Internet bgp
     routing table via gated:

         WARNING: rn_delete couldn't find out annotation
         WARNING: rn_delete Orphaned Mask

 43. Potential KMA corruption caused by newly introduced early
     releasing of TCP minor numbers. This sometimes resulted in panics
     with the stack trace, including tcp_freespc() being called from
     tcp_ztmr().

 44. cpio cannot create a volume greater than 2GB on the tape device.
     This happens because the uio_off32 is a signed integer and
     becomes negative in _Compat_uiophysio() function when it goes
     beyond 2GB.

 45. Second call to connect(3) can hang application. If, using
     AF_UNIX, a connect(3) is issued without the server running, it
     will correctly fail with ECONNREFUSED. However, if connect(3) is
     then reissued without closing/opening the socket, the connect may
     succeed, but a subsequent write will fail with EPIPE.

 46. Doing an XPG4 option management request without having set the
     XTI_OPTMGMT environment variable will cause a PANIC.
     Note: See also 3xti(-t_optmgmt)

 47. In-Kernel Sockets causes an application built on SCO UnixWare
     2.1.x to block without SIGALARM signal.

 48. KMA corruption issue while performing I/O on a VxVM block device.

From SLS ptf7406b:

SLS ptf7406b, the UnixWare 7.1.0 Pentium II and Pentium III Supplement,
offers additional functionality on systems with CPUs that support the
extended floating point save and restore instructions, fxsave and
fxrstor.

SLS ptf7406b offers faster saving and restoring of floating point state
on Pentium II and on Pentium III, and allows applications to use the
Pentium III Streaming SIMD instructions and the Pentium III extended
floating point registers.

Systems that do not support the fxsave and fxrstor instructions will
see no effect from installing ptf7406b; attempts to use the extended
floating point save and restore interfaces on these systems will fail
with errno set to EINVAL.

SLS ptf7406b includes enhancements to the following commands to support
Pentium III Streaming SIMD instructions:

    as
    dis
    debug
    fur
    kdb

SLS ptf7406b does not support unmasked extended floating point
exceptions. Applications generating unmasked extended floating point
exceptions will terminate when the exception is generated.

SLS ptf7406b does not support threaded applications that use the
Pentium III extended floating point registers. If an application uses
threads, the contents of the extended floating point registers will be
undefined when used by multiple threads.

No compiler or optimizer enhancements to support Pentium III Streaming
SIMD Instructions are included in SLS ptf7406b.

For further details, see the Programming Notes for ptf7406b, found in:

    /var/sadm/pkg/ptf7446/install/ptf7446.doc

From SLS ptf7413m:

SLS ptf7413m, the UnixWare 7.1.0 VM Subsystem Supplement, provides
solutions for the following problems:

  1. Processes are not completing due to file hanging.

     This issue was originally addressed in SLS ptf7413a. The file
     hang that is caused by a slow streams-based memory leak is
     eliminated.

  2. An HBA driver uses a maximum transfer size that is less than
     128KB (for example, the IBM "ips" driver supporting the IBM
     ServeRAID HBA).

     The buf_breakup code now honors the max_xfer transfer size set by
     a driver in the bcb_max_xfer field of its bcb structure.

  3. The system intermittently hangs while handling hardware-generated
     NMIs.

     A deadlock situation with cmn_err has been rectified by marking
     critical regions that could potentially lock cmn_err.

  4. Syslogd misses cmn_err messages when a system panics.

     cmn_err puts messages directly into putbuf. This avoids a delay
     that was happening using strlog(7), which resulted in messages
     being lost just before the system panics.

  5. Processes can hang in vx_delay2.

     SLS ptf7413 introduces a new tunable to prevent a vxfs hang from
     occurring.

  6. Too much Kernel Virtual Memory is used when using mprotect.

     segpse and segdev changed to reduce overhead of the amount of
     Kernel Virtual Memory.

  7. PROT_NONE PSE protection can be lost due to unshielding.

     PSE pages are now skipped in unshield.

  8. A panic occurs in freectty() when using DDI 8 serial driver.

     It now checks whether major is less than cdevcnt.

  9. A panic occurs when using truss to investigate a DSHM process.

     A temporary mapping to the page table is used.

 10. The system hangs with MPIO in qlc1020_timeout_remove().

     It now releases the queue lock before calling
     qlc1020_abort_command() in the watchdog routine.

 11. Real Time Clock (RTC) drifts and jumps. Also, CMOS can be
     corrupted.

     Additional APIs now read and write bytes of CMOS RAM using
     locking to access it.

 12. Panics occur in sv_signal() called from hat_asunload() on cpu 0
     of 8 processor Intel Pentium III Xeon systems.

     hat_asunload() now holds resourcelock across SV_SIGNAL().

 13. Possible hangs while two CPUs are looping alternately in
     hat_load().

     Changed algorithm to distribute jobs fairly across CPUs by making
     changes in hat_load().

 14. System may suffer buf_breakup panic with fixed-blocks greater
     than 512 bytes.

     Modification of code to allow for tape bytes' size greater than
     512 bytes with DDI8 HBA driver.

 15. close() is slow when CPU load is heavy.

     During close(), only dirty pages will be counted up when deciding
     to yield to the processor. Files needing multiple flushes will
     still need time to complete the close process; however, for files
     that haven't been written to, the close will no longer be
     delayed. (Note that this fix had incorrectly been reported as
     being in ptf7413f.)

 16. Disk corruption seen with PAE on, and greater than 4GB physical
     memory (all of which is general purpose) while performing I/O on
     a VxVM block device.

     This fix is for a kernel memory corrupting issue and is not
     specific to PAE or volume manager.

     Note: PAE mode is enabled by setting ENABLE_4GB_MEM=YES in
     /stand/boot, or by issuing this during an interactive boot.

 17. A security problem has been eliminated by disallowing core dumps
     if there is already a corefile (or any other object) of the same
     name in the current directory.

     A security problem has been eliminated by disallowing core dumps
     of setgid processes (processes running with an effective group ID
     different from the user's real group ID).

     An administrator may now select old-style corefile naming,
     whereby the process-ID suffix normally attached to every corefile
     name is eliminated and every corefile is just named "core". This
     is intended to address situations in which it is unacceptable for
     a disk to fill up with corefiles. However, it is recommended that
     administrators use the current default behavior. The tunable that
     controls this behavior is named COREFILE_PIDS.

 18. Address space of privileged processes was accessible by regular
     users. Privileged processes could then be traced, opening several
     security holes.

 19. Privileged processes could core dump. Sensitive data is often
     located inside the core files of privileged processes.

 20. Addresses a problem of machine hangs occurring if syslogd is
     enabled.

 21. Corrects a problem where OSR5 binaries that use rpcs
     (svc_register) will not run on UnixWare 7 Release 7.1.0.

 22. Libsocket maintains a pointer to libresolv code; the pointer may
     become stale causing core dump of Apache when used with PHP.

 23. A client/server program that uses socketpair(3) and uses this to
     write/read data and do I_SENDFD/I_RECVFD can fail with EINVAL on
     read.

 24. Process hangs because page I/O to sparse file never completes.

 25. Kernel mode address fault.

 26. KMA abuse in pid_next_entry() etc, stale pid_procp.

 27. Panic occurred on pvn_memunresv_pp_l+2f.

From SLS ptf7414c:

SLS ptf7414c, the libc Supplement for UnixWare 7.1.0, addresses these
issues with the select(3C) library call:

  1. The select(3C) library call returned indicating an exception on a
     file descriptor that had not been selected in exceptfds; and
     returned indicating an exception when one end of a pipe or
     socketpair was closed.

  2. The pt.c functions have been enhanced to support up to 99999
     ptys. Previously, the Unix98 pty support routines could not allow
     more than 999 ptys to be allocated by a user process.

  3. Libc handles languages poorly; security is not considered when
     opening a message catalog.

     Note: In order for this fix to be complete, the system also
     requires that SLS ptf7411c or later is installed.

From SLS ptf7424d:

SLS ptf7424d, the libnsl Supplement, contains modifications to address
the problem where logging in over a modem using cu(1bnu) fails for any
of the reasons listed below, or where t_bind returns the incorrect
address after a successful connection is established.

  1. If the user does not complete the login within 4 seconds, the
     login attempt is killed and restarted.

  2. If the user's shell is /bin/sh, the shell prompt is displayed and
     then the login is killed (and the line is hung up).

  3. ttymon with the P flag does not allow non-PPP logins to work
     correctly.

  4. ttymon sets an alarm that is never canceled.

  5. In rare occurrences, t_bind will succeed but return the address
     with the family incorrectly set.

  6. Modified yp_match() to avoid getting stuck in an infinite sleep
     loop when NIS is configured and gethostbyname() is called with a
     long name (rejects keys longer than YPMAXRECORD).

  7. t_listen fails with t_error TBADQLEN.

     In a TLI/XTI application using t_sync, the qlen value for the
     specified transport endpoint can be incorrectly set to zero
     locally within the transport library. The negotiated qlen field
     of a transport endpoint is now correctly updated when t_sync is
     called.

From SLS ptf7431a:

SLS ptf7431a, the UnixWare 7.1.0 debug Supplement, addresses a problem
where an internal error in debug occurs when a stack trace is made on a
thread of a C++ program (as supplied by Argon).

From SLS ptf7441d:

SLS ptf7441d, the libmas Supplement, contains modifications to the
libmas library. It now uses strerror() rather than
sys_nerr/sys_errlist.

libmas.so used the obsolete sys_nerr/sys_errlist mechanism rather than
the modern and internationalized strerror(). sys_nerr/sys_errlist is
only defined in the archive part of libc (/usr/ccs/lib/libc.so) and not
in the dynamic part of libc (/usr/lib/libc.so.1). As a result it is not
visible to dynamic libraries that have been dlopen'd, which is the case
with Java native methods.

Note: libmas.a is part of the usoftint package. If that package is
going to be installed, then installation of this SLS should be
suspended until after the installation of usoftint.

From SLS ptf7443a:

SLS ptf7443a, the UnixWare 7.1.0 ping Supplement, addresses a problem
where the ping command hangs and never times out. This occurs when
alarm(1) becomes stuck in a loop of retries.

From SLS ptf7444a:

SLS ptf7444a, the UnixWare 7.1.0 ppptalk Supplement, addresses a
problem where buffer overflows have been found in several ppp options.
As ppp is a suid binary, it is possible to use these buffer overflows
to obtain increased privilege.

Contents
--------

/etc/conf/dtune.d/fs proc
/etc/conf/mdevice.d/cram
/etc/conf/mtune.d/fs proc
/etc/conf/pack.d/cram/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/elf/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/fs/Driver_atup.o Driver_mp.o space.c
/etc/conf/pack.d/inet/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/io/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/kdb/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/kdb_util/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/log/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/mem/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/osm/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/osocket/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/proc/Driver_atup.o Driver_mp.o space.c
/etc/conf/pack.d/procfs/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/psm_mc146818/Driver.o
/etc/conf/pack.d/segdev/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/segshm/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/socksys/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/specfs/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/svc/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/ticots/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/ticotsor/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/timod/Driver_atup.o Driver_mp.o
/etc/conf/pack.d/util/Driver_atup.o Driver_mp.o
/sbin/initsock
/u95/bin/suscfg
/usr/bin/netstat ppptalk truss
/usr/ccs/bin/as debug dis fur
/usr/ccs/lib/libc.a libc.so
/usr/ccs/lib/libp/libc.a libc.so libc.so.1
/usr/include/netinet/tcp_var.h
/usr/include/sys/convsa.h cram.h kcontext.h lwp.h procfs.h regset.h
/usr/include/sys/signal.h socket.h sockmod.h socksys.h stream.h
/usr/include/sys/streamio.h stropts.h strsubr.h systm.h ticots.h
/usr/include/sys/ticotsord.h tihdr.h timod.h ucontext.h user.h
/usr/include/ucontext.h
/usr/lib/libc.so.1 libmas.a libmas.so
/usr/lib/libnsl_i.so libnsl.so libnsl.so.1
/usr/lib/libsocket.so libsocket.so.1 libsocket.so.2
/usr/lib/libresolv.so libresolv.so.1 libresolv.so.2
/usr/sbin/in.snmpd ping rtpm trpt in.ftpd

Software Notes and Recommendations
----------------------------------

SLS ptf7446f should only be installed on:

    UnixWare 7 Release 7.1.0

Note: SLS ptf7446f will only install if SLS ptf7408c (or later) is
already installed on the system. If an earlier version of ptf7408 is
installed on the system, then installation of ptf7446f will fail with
this error message:

    UX:pkginstall: ERROR: unknown dependency type specifies: S

SLS ptf7446f spans these packages:

    acp base cmds dshm inet kdb netmgt nsu osmp ppp uccs uedebug
    usoftint

If any of the packages listed above is installed after ptf7446f, then
you must reinstall Update 7.1.0, and ptf7446f must be reinstalled after
it.

In particular, if the osmp (OS Multiprocessor Support) package is
installed after ptf7446f, Update 7.1.0 and then ptf7446f must be
reinstalled immediately. When Update 7.1.0 is reinstalled, its kernel
rebuild will usually show errors from ld and idmkunix, due to an
undefined symbol "ss_socketpair_common". Such errors are normal;
reinstalling ptf7401j will correct the MP drivers, and the kernel can
then be rebuilt successfully. (Note: If the osocket driver was not
configured, Update 7.1.0's rebuild may appear to succeed. However, SLS
ptf7446f must still be reinstalled, as the kernel just built would be
inconsistent and unable to support networking calls from the
/usr/lib/libsocket installed earlier.)

If SLS ptf7446f is installed on a system that is running an HTTP
server, for example, the Netscape Fasttrack Server, it is recommended
that SLS ptf7410c, the libthread Supplement, also be installed.

SLS ptf7446f supersedes all versions of the following SLSs:

    SLS ptf7401 - In Kernel Sockets
    SLS ptf7406 - Pentium II and Pentium III Supplement
    SLS ptf7413 - VM subsystem Supplement
    SLS ptf7414 - libc Supplement
    SLS ptf7416 - cram and psm_mc146818 Driver Update
    SLS ptf7424 - libnsl and timod driver Supplement
    SLS ptf7431 - debug Supplement
    SLS ptf7441 - libmas Supplement
    SLS ptf7443 - ping Supplement
    SLS ptf7444 - ppptalk Supplement

However, it is not necessary to remove those SLSs prior to installing
SLS ptf7446f.

SLS ptf7425a should not be installed on top of SLS ptf7446.

Installation Instructions
-------------------------

REMINDER: SLS ptf7408c (or later) must be installed on your system
prior to installing SLS ptf7446f.

  1. Download the ptf7446f.Z file to the /tmp directory on your
     machine.

  2. As root, uncompress the file and add the SLS package to your
     system using these commands:

         $ su
         Password:
         # uncompress /tmp/ptf7446f.Z
         # pkgadd -d /tmp/ptf7446f
         # rm /tmp/ptf7446f

     Alternatively, this SLS package may be installed in quiet mode,
     that is, without displaying the release notes and asking for
     installation confirmation. To do this, use these commands:

         $ su
         Password:
         # uncompress /tmp/ptf7446f.Z
         # pkgadd -qd /tmp/ptf7446f all
         # rm /tmp/ptf7446f

  3. Reboot the system after installing this SLS package.

The release notes displayed prior to installation can be found in:

    /var/sadm/pkg/ptf7446/install/ptf7446.txt

Also, more detailed programming notes can be found in:

    /var/sadm/pkg/ptf7446/install/ptf7446.doc

Removal Instructions
--------------------

  1. As root, remove the SLS package using these commands:

         $ su
         Password:
         # pkgrm ptf7446

  2. Reboot the system after removing this SLS package.

If you have questions regarding this SLS, or the product on which it is
installed, please contact your software supplier.
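
Item 17 of the VM Subsystem Supplement list above describes two rules for core dumps: refuse when any object of the same name already exists, and refuse for setgid processes. The following user-space sketch of those two rules is an added example, not SCO kernel code; the function name write_dump_exclusive and the sample file names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: write a dump file under the rules in item 17.
 * Returns 0 on success, -1 with errno set when the dump is refused. */
int write_dump_exclusive(const char *path, const void *buf, size_t len)
{
    /* Item 17: no dump when the effective group ID differs from the real
     * group ID. The user-ID comparison is an added generalization that the
     * release note does not state. */
    if (getgid() != getegid() || getuid() != geteuid()) {
        errno = EPERM;
        return -1;
    }

    /* O_CREAT|O_EXCL fails with EEXIST if anything already has this name:
     * a regular file, a directory, or a symbolic link (even a dangling
     * one). The dump is therefore never written through an object that
     * someone placed there beforehand. Mode 0600 keeps it owner-only. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;

    const char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;               /* interrupted: retry the write */
            int saved = errno;
            close(fd);
            unlink(path);               /* do not leave a partial dump */
            errno = saved;
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    return close(fd);
}

int main(void)
{
    char dir[] = "/tmp/dumpdemoXXXXXX";  /* constructed scratch directory */
    char path[128], planted[128];
    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(path, sizeof path, "%s/core.1234", dir);
    snprintf(planted, sizeof planted, "%s/core.5678", dir);

    printf("first dump:   %d\n", write_dump_exclusive(path, "abc", 3));
    printf("same name:    %d\n", write_dump_exclusive(path, "xyz", 3));
    if (symlink("/nonexistent/target", planted) != 0)
        return 1;
    printf("over symlink: %d\n", write_dump_exclusive(planted, "xyz", 3));
    return 0;
}
```
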