Patch Name: PHCO_13029 Patch Description: s700_800 10.20 libc cumulative patch Creation Date: 97/10/31 Post Date: 97/11/10 Hardware Platforms - OS Releases: s700: 10.20 s800: 10.20 Products: N/A Filesets: OS-Core.C-MIN OS-Core.CORE-SHLIBS ProgSupport.PROG-MIN ProgSupport.PROG-AUX Automatic Reboot?: No Status: General Superseded Critical: No (superseded patches were critical) PHCO_8108: CORRUPTION Path Name: /hp-ux_patches/s700_800/10.X/PHCO_13029 Symptoms: PHCO_13029: NIS map transfer fails due to transfer timeout on slave as a direct result of an inefficient method of scanning a sparse DBM database. SR 5003392126, DTS JAGaa01111. The performance of strcoll is bad for multi-byte locales when compared to 9.x performance. SR 1653192724, DSDe432158. PHCO_12673: Alternate regular expressions with anchored non-first subexpression fail to match if don't use parenthesis. DTS# JAGaa00523 PHCO_12448: The memmove(3C) api is slow when moving data to the right, as in memmove(c+1,c,249). DTS# DSDe433981, JAGaa00518, SR# 5003355867 The last patch PHCO_12128 breaks the correct functionality of spanish locale collation for strcoll and strxfrm. This patch fixes that problem. DTS# JAGaa00792. Signal mask is not restored after calling free when mallopt(M_BLOCK,0) has been set. Only happens on multiple calls to free for the same pointer. DTS# JAGaa00773, JAGaa00489, DSDe424072; SR# 1653228304 1653119560 Non-root users of rlogin get the error message: "rlogind: /dev/pts/1: Permission denied." if configured in /etc/inetd.conf with the -l option. DTS# INDaa28226, SR# 4701364653 PHCO_12128: NIS netgroups are searched recursivly causing poor performance when netgroups are nested. DTS # INDaa27824, SR# 5003377606. The API seekdir() fails to position the next readdir() operation for certain nfs directory. DTS# DSDe431565 The customer using strcoll(3c) with single byte locale and experiencing performance problem. DTS# DSDe436357, SR# 1653214346 In a customer application, regcomp(3C) followed by regexec(3C) returns an unexpected "no match" value when the locale is set to non-C locale. DSDe437259, SR 1653215186. Output directed to stderr may be corrupted when an application opens files for non-buffered i/o by calling setbuf() with the _IONBF flag. The symptom is likely to manifest only in multi-threaded applications. DSDe437356. No reported symptoms - this is a proactive patch. DSDe436555. PHCO_11315: The customer using Spanish locale ( or any locale with 2 to 1 mapping) along with any patch which includes patch number PHCO_10027 will see incorrect colla- tion. Other customers will never see this problem. DTS # DSDe436983, SR 1653214346. User applications calling catopen() may run out of file descriptors. DTS # DSDe435212, SR 1653208355. PHCO_11004: In multi-threaded application, if one thread is waiting on a read which won't complete (e.g., stdin or a stalled pipe) and another calls thread calls exit() or abort, the application would hang. DTS # DSDe435666, SR 1653211490. The group permissions of the parent directory of the home directory does not have to be set for "all" for the ".rhosts" check to succeed. The "rhosts" check changes the effective group id to the real group id before opening ".rhosts" file. Also, ruserok() did not properly parse the username in hosts.equiv. DTS # INDaa22946 INDaa21768; SR # 5003297861, 5003274753. User applications calling catopen() may run out of file descriptors. DTS # DSDe435212, SR 1653208355. Memory leak in getservbyname. DTS# INDaa26623, SR# 5003358762. strcat() may core dump when the last word of the source string is at the page boundary. SR 5003302299, DSDe434239, DSDe427804. For regcomp/regexec, "^ *$" and similar patterns in non-C locales will incorrectly match lines with newlines in them. ^$ pattern and empty strings won't match when they should in non-C locales. A pattern with ^ in the C-locale and with REG_NEWLINE set will not consider newlines further down the string. DSDe434345, DSDe434746, DSDe434752; SR 1653204651, SR 4701349118. February 29, 2000 is rejected as a valid date by the getdate(3c) library call. DSDe434241, DSDe430766; SR #s 1653203026, 4701334763. The getdate(3c) would set getdate_err to "no matching template entry" (7) instead of "invalid input specification" (8) for dates outside the range of the time_t data type. This has been fixed. DSDe434270 PHCO_10027: Unaccaptable degradation of collation using swedish language. DSDe432108, SR1653192161. Regular expression pattern ".*" behaves incorrectly in Japanese locale. DSDe433097. The memcmp(3c) may core dump at page boundary. DSDe433356, SR4701344721. Applications built archived on release 10.20 will use the wrong locale libraries for the C locale if they are executed on a future HP-UX release. The result is unpredictable. Existing applications built with the archived libc in 10.20 need to be rebuilt with a libc that contains this patch if they are to be be moved forward to a post-10.20 HP-UX release to ensure that they use the correct locale libraries for the C locale on the new release. Existing 10.20 applications built shared do not have to be rebuilt with the patch to be migrated to a future HP-UX release. DSDe432519. PHCO_9577: When customer runs command: setprivgrp -g LOCKRDONLY, the NIS system hangs. INDaa24394, SR5003320648. This fix was intended for PHCO_8979, but was inadvertently left out. PHCO_8979: The libc routine ulckpwdf always returns -1. As a result, the /etc/.pwd.lock can not be unlocked. DSDe431142, SR5003338038. Memory leak in globfree(). DSDe431962, SR5003344192. If given weekday is the same as today and within the last 7 days of the month, getdate() returns an Error 8. DSDe431143, SR1653185629. In non-C locales, non-blank lines would match pattern ^$ for regcomp(). DSDe431505 DSDe432126. User applications hit a limit of 1023 for number of sets in a message catalog. DSDe431644, SR5003341271. Call to tempnam(), mktemp() and mkstemp() sometimes returned a dangling symlink as the name for a temporary file. SR1653189134. The strptime and getdate calls did not handle two digit year specifications in the same manner. This has been addressed by providing strptime and getdate with an alternative behavior for dealing with two digit year specifications. In order to obtain the alternative behavior, which interprets two-digit year values in the range 66-99 to refer to the twentieth century and values in the range 00-68 to refer to the twenty-first century, the executable must link with the supplied object file, /usr/lib/year2000.o. Existing executables will continue to get the compatible behavior. DSDe430766, SR4701334763. If the ndots resolver option is configured in /etc/resolv.conf and res_init() is directly or indirectly called, a memory leak will occur. Applications using gethost*() API's or directly using resolver API's (res_*()) in a DNS environment are open to this problem. INDaa23823. The getdate() routine fails with a signal 11 segmentation violation when accessing a datemask file that contains a very large number of alternative date formats. DSDe429925, SR1653176883. PHCO_8764: Random truncaton of strings with strcat due to fix attempted in PHCO_8108. PHCO_8108: Significant performance degradation of regular expression processing in 10.X compared to 9.X. Affects awk, grep, sed, etc. Some printf variants available in patched 10.X systems weren't exported in 10.20. getcwd returns EINVAL when a negative buflen is passed in. memchr may core dump when char is not found. Sometimes strcat would attempt to access an unmapped page of memory. Defect Description: PHCO_13029: NIS uses dbm to to manage its data. Because of unlucky splitting, the '.pag' file has a large empty area which causes the NIS file transfer to fail because it takes longer than 25 seconds for dbm to get between keys. The strcoll(3c) api for multi-byte was not optimized. PHCO_12673: awk and grep fail for certain regular expressions. PHCO_12448: The proper optimizations were not applied. This patch fixes the spanish locale collation problem for strcoll and strxfrm APIs caused by patch PHCO_12128. Signal mask was not restored for this corner case. The effective user and group id are set incorrectly in the call ruserok() when rlogind is invoked with an option "-l". PHCO_12128: If netgroups are nested this causes the NIS netgroup files to be recursively searched, causing poor performance. The API seekdir(3) is unable to position the next readdir(3) operation if the directory is on a 3rs party NFS server that returns a negative signed 32bit integer. Fix is made to readdir() not to call lseek(2) system call. This is a patch for performance problem reported for Spanish locales. The patch helps all single byte locales. A local data item was not being initialized properly. Incorrect internal buffer allocation can lead to an overlap between the stderr buffer and other internal buffers when files are opened for non-buffered i/o. Potential for data corruption/crashing in dbm_open is called with a filename which is too long. PHCO_11315: The trimming off of common prefix from string before collation causes problem in Spanish locale because it has 2 to 1 mapped collation element. e.g. "ch" should map after "co" but if common prefix "c" is removed, "h" will collate before "o" which is incorrect. An incorrect setting of NLSPATH, eg. NLSPATH="/tmp" causes catopen() to leave open file descriptors behind. As a result, applications that frequently call catopen() with an incorrectly set NLSPATH can run out of file descriptors. PHCO_11004: Code which cleans up stdio streams did not handle read-only streams which were waiting indefinitely on a read. 1. The "rhosts" check fails if the parent directory of the user's home directory does not have the right group permissions. Consider the case where the parent directory has permissions "710". /home - permissions rwx--x--- /home/student - permissions rwx------ The directories home and student belong to the same group. The "rhosts" check fails when a remote user tries to login as "student". This is because, the ruserok() routine does not change the effective group id to the real group id before opening ".rhosts" file. 2. Usernames in the host.equiv file are improperly parsed. The ruserok() code now exhibits the expected and documented behavior. An incorrect setting of NLSPATH, eg. NLSPATH="/tmp" causes catopen() to leave open file descriptors behind. As a result, applications that frequently call catopen() with an incorrectly set NLSPATH can run out of file descriptors. NIS getservbyname() had a memory leak. strcat() prefetches word before doing shift and concatenation. A check for end of string should be performed before the prefetch since the prefetched word may be across the page boundary. This is now fixed. The non-C locale code continued to check beyond the terminating null character. In the C-locale with REG_NEWLINE set, the ^ case should continue checking the entire string in case there are newlines in the string. The leap year algorithm was incorrect for getdate(3c). The check for the range of the input date was in the wrong place. PHCO_10027: Unaccaptable degradation of collation using swedish language. Regular expression pattern ".*" behaves incorrectly in Japanese locale. memcmp tried to prefetch words from outside of valid memory page and this might cause memory core dumps. The prefetching of invalid memory words was caused by incorrect calculation of number of words to fetch and compare. This is fixed now. In a system with more than one set of locale libraries to be used by libc.1 and libc.2, libc.1 will use the wrong set of locale libraries for the C locale. libc.1 needs to be changed to use the locale libraries in the /usr/lib/nls/loc/locales.1 directory instead of /usr/lib/nls/loc/locales, which is a symbolic link to /usr/lib/nls/loc/locales.2 on a HP-UX 10.30 system. This patch is needed for an HP-UX 10.20 machine if that machine is being used to build applications which you intend to run on future releases of HP-UX. This patch is not needed for correct operation of programs on HP-UX 10.20 system, because /usr/lib/nls/loc/locales is a symbolic link to /usr/lib/nls/loc/locales.1. PHCO_9577: Problem is in yp_bind.c. The second function call to flock() has a syntax error in the parameter list. The first call to flock() is correct. When this command is given the second function call to flock() is in code which is only invoked when Talk2_binder() is called. Then it hangs. PHCO_8979: If you lock /etc/.pwd.lock using lckpwdf, there is no way to determine that it was unlock, because ulckpwdf always returns -1. Allocated memory was not properly free'd by globfree() after use. The day of the month was being improperly adjusted for the case when the day of the week matched today. Pattern map was set such that it would continue matching past end of pattern. The maximum number of message sets allowed in a message catalog was not high enough; it has been increased to 65535. The tempnam(), mktemp() and mkstemp() APIs did not check for a dangling symlink before returned it and this has been fixed now. The strptime and getdate calls were not consistent in the manner in which they handled two digit year specifications. res_init() leads to the processing of the ndots option. In processing the ndots value a routine was called that could generate a recursive loop back to res_init(). During the recursive loop a memory leak would be generated. The code has been redesigned to avoid this loop condition. When a very large template file is used, and the getdate() routine has to search far into the file to find a matching format specifier, getdate() overran the allocated array. PHCO_8764: The fix for strcat's page boundary problem caused truncation of some strings. PHCO_8108: Poor performance of 10.X regular expression processing in comparison to 9.X. The affected entry points were not exported properly. According to X/Open, getcwd takes a second argument of type of size_t and returns EINVAL only when the second argument is 0. memchr tries to read beyond end of valid memory when char is not found in thestring and may core dump. The strcat call didn't handle an optimized pre-fetching strategy properly, causing the read of bytes belonging to unmapped pages. SR: 4701309294 1653155929 1653169615 5003338038 5003344192 1653185629 5003341271 1653189134 4701334763 5003320648 1653176883 1653192161 4701344721 1653211490 5003297861 5003274753 1653208355 5003358762 5003302299 1653204651 4701349118 1653203026 4701334763 1653214346 1653208355 1653215186 5003377606 5003355867 1653228304 1653119560 4701364653 5003392126 1653192724 Patch Files: /usr/lib/libc.a /usr/lib/libp/libc.a /usr/lib/libpicc.a /usr/lib/libc.1 /usr/lib/year2000.o what(1) Output: /usr/lib/libc.a: PATCH/10.20:PHCO_13029 libc.a_ID@@/main/r10dav/libc_ dav/libc_dav_cpe/7 /ux/core/libs/libc/archive_pa1/libc.a_ID Oct 28 1997 16:25:39 /usr/lib/libp/libc.a: PATCH/10.20:PHCO_13029 libc.a_ID@@/main/r10dav/libc_ dav/libc_dav_cpe/7 /ux/core/libs/libc/profiled_pa1/libc.a_ID Oct 28 1997 17:04:18 /usr/lib/libpicc.a: PATCH/10.20:PHCO_13029 libc.1_ID@@/main/r10dav/libc_ dav/libc_dav_cpe/7 /ux/core/libs/libc/shared_pa1/libc.1_ID Oct 28 1997 16:44:16 /usr/lib/libc.1: PATCH/10.20:PHCO_13029 libc.1_ID@@/main/r10dav/libc_ dav/libc_dav_cpe/7 /ux/core/libs/libc/shared_pa1/libc.1_ID Oct 28 1997 16:44:16 /usr/lib/year2000.o: None cksum(1) Output: 2590503018 2416924 /usr/lib/libc.a 887660189 2598380 /usr/lib/libp/libc.a 2978725258 2594646 /usr/lib/libpicc.a 3374340910 1843200 /usr/lib/libc.1 970213139 704 /usr/lib/year2000.o Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHCO_8108 PHCO_8764 PHCO_8979 PHCO_9577 PHCO_10027 PHCO_11004 PHCO_11315 PHCO_12128 PHCO_12448 PHCO_12673 Equivalent Patches: None Patch Package Size: 9290 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHCO_13029 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHCO_13029.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHCO_13029.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHCO_13029. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHCO_13029.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHCO_13029.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: If libc patches are installed without rebooting, applications currently running which are linked shared against libc will still continue using the former version of libc. If this presents a problem to any applications, you should reboot.