Patch Name: PHCO_18502

Patch Description: s700_800 10.26 libsecurity cumulative patch

Creation Date: 99/06/03

Post Date: 99/06/28

Hardware Platforms - OS Releases:
    s700: 10.26
    s800: 10.26

Products: N/A

Filesets:
    BLS.MAXSIX
    BLS.BLS-CORE
    ProgSupport.PROG-MIN
    BLS.BLS-ENG-A-MAN

Automatic Reboot?: Yes

Status: General Superseded

Critical:
    No (superseded patches were critical)
    PHCO_18179: MEMORY_LEAK

Path Name: /hp-ux_patches/s700_800/10.X/PHCO_18502

Symptoms:
    PHCO_18502:
    Functions to access the protected password database that take
    a directory as an argument do not exist.
    Getprpwent function stops returning NIS entries after it
    returns the first one.

    PHCO_18179:
    Memory leak in security policy daemons.

    PHCO_17856:
    We need to create a strsecerror function in libsecurity. It
    should work the same way as psecerror except that it returns
    the message string instead of sending it to the standard error.

    PHCO_17760:
    There is no way to get the classification string from an IR
    in all Encodings cases. Additionally, the SHORT_WORDS specifier
    has no effect on the returned classification. It always returns
    the long form.

Defect Description:
    PHCO_18502:
    Functions fgetprpwnam and fputprpwnam need to be created. They
    will read/write a protected password entry from the desired
    directory. NIS does not need to be up.
    Getprpwent function is calling other functions which will
    reset the pointer when NIS users are accessed.

    Resolution:
    Two new functions are created:

        struct pr_passwd *fgetprpwnam(char *nam, char *authdir)
        int fputprpwnam(char *nam, struct pr_passwd *p, char *authdir)

    They can be used to access any desired protected password
    directory and to read and write entries there.
    Getprpwent function was redesigned so that it does not call the
    function that resets the entry pointer, so all the entries are
    now correctly returned.

    PHCO_18179:
    The daemon fails to release the lock on the memory page in
    some error cases. This results in a process-space memory leak.
    The size of the daemon grows over a long period of time, and
    eventually the daemon dies and the system becomes unusable.

    Resolution:
    Release page lock under error conditions.

    PHCO_17856:
    New requirement.

    Resolution:
    Create the function and the man page.

    PHCO_17760:
    New requirement.

    Resolution:
    Provide a new interface to retrieve classification from a
    valid IR.

SR: 1653305540

Patch Files:
    /tcb/bin/acld
    /tcb/bin/dbck
    /tcb/bin/m6d
    /tcb/bin/m6dbck
    /tcb/bin/m6mkdb
    /tcb/bin/macilbd
    /tcb/bin/mkdb
    /usr/include/mandatory.h
    /usr/lib/libsecurity.1
    /usr/lib/libsec.a(mandlib.o)
    /usr/lib/libsec.a(psecerror.o)
    /usr/lib/libsec.a(getprpwent.o)
    /usr/lib/libsec.a(authcap.o)
    /usr/share/man/man3.Z/mand.3
    /usr/share/man/man3.Z/mand_ir_to_class_er.3
    /usr/share/man/man3.Z/psecerror.3
    /usr/share/man/man3.Z/strsecerror.3

what(1) Output:

cksum(1) Output:

Patch Conflicts: None

Patch Dependencies:
    s700: 10.26: PHKL_17761 PHCO_18636
    s800: 10.26: PHKL_17762 PHCO_18636

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHCO_17760 PHCO_17856 PHCO_18179

Equivalent Patches: None

Patch Package Size: 6110 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHCO_18502

    5a. For a standalone system, run swinstall to install the
        patch:

        swinstall -x autoreboot=true -x match_target=true \
            -s /tmp/PHCO_18502.depot

    5b. For a homogeneous NFS Diskless cluster run swcluster on the
        server to install the patch on the server and the clients:

        swcluster -i -b

        This will invoke swcluster in the interactive mode and
        force all clients to be shut down.

        WARNING: All cluster clients must be shut down prior to
                 the patch installation. Installing the patch
                 while the clients are booted is unsupported and
                 can lead to serious problems.

        The swcluster command will invoke an swinstall session in
        which you must specify:

            alternate root path - default is /export/shared_root/OS_700
            source depot path   - /tmp/PHCO_18502.depot

        To complete the installation, select the patch by choosing
        "Actions -> Match What Target Has" and then
        "Actions -> Install" from the Menubar.

    5c. For a heterogeneous NFS Diskless cluster:
        - run swinstall on the server as in step 5a to install
          the patch on the cluster server.
        - run swcluster on the server as in step 5b to install
          the patch on the cluster clients.

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHCO_18502. If you do not wish to retain a
    copy of the original software, you can create an empty file
    named /var/adm/sw/patch/PATCH_NOSAVE.

    Warning: If this file exists when a patch is installed, the
             patch cannot be deinstalled. Please be careful when
             using this feature.

    It is recommended that you move the PHCO_18502.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

        dd if=/tmp/PHCO_18502.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None
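
Added example (not HP-UX or libsecurity source): a simplified C model of the class of defect described for Getprpwent under PHCO_18502, where an enumerator calls a helper that resets the position the enumeration depends on. All names, the sample users and the exact reset behaviour are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for accounts served by NIS (not real data). */
static const char *nis_users[] = { "alice", "bob", "carol" };
enum { NIS_COUNT = 3, CLOSED = -1 };

/* One library-wide position shared by every routine that walks the map. */
static int shared_pos = 0;

/* Hypothetical helper: validates a name by rescanning the map through the
 * shared position, then closes the scan, discarding the caller's place. */
static int lookup_shared(const char *name) {
    int found = 0;
    for (shared_pos = 0; shared_pos < NIS_COUNT; shared_pos++)
        if (strcmp(nis_users[shared_pos], name) == 0) { found = 1; break; }
    shared_pos = CLOSED;
    return found;
}

/* Same check with a private index: the enumeration state is untouched. */
static int lookup_private(const char *name) {
    for (int i = 0; i < NIS_COUNT; i++)
        if (strcmp(nis_users[i], name) == 0) return 1;
    return 0;
}

/* Enumerator in the style of a getXXent() call; NULL means end of entries. */
static const char *next_entry(int (*lookup)(const char *)) {
    if (shared_pos == CLOSED || shared_pos >= NIS_COUNT) return NULL;
    const char *name = nis_users[shared_pos++];
    return lookup(name) ? name : NULL;
}

/* Rewind, enumerate to the end, and report how many entries came back. */
int count_entries(int (*lookup)(const char *)) {
    int n = 0;
    shared_pos = 0;
    while (next_entry(lookup) != NULL) n++;
    return n;
}

int count_with_shared_helper(void)  { return count_entries(lookup_shared); }
int count_with_private_helper(void) { return count_entries(lookup_private); }

int main(void) {
    printf("shared helper:  %d of %d entries\n", count_with_shared_helper(), NIS_COUNT);
    printf("private helper: %d of %d entries\n", count_with_private_helper(), NIS_COUNT);
    return 0;
}
```

A caller that audits accounts by enumerating entries would silently miss every entry after the first in the shared-helper case, which is why the enumeration count is worth checking against a known account list after patching.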