Patch Name: PHCO_22590 Patch Description: s700_800 10.26 Software Distributor cumulative patch Creation Date: 00/10/31 Post Date: 01/05/02 Hardware Platforms - OS Releases: s700: 10.26 s800: 10.26 Products: N/A Filesets: BLS.BLS-CORE SW-DIST.RUPDATE SW-DIST.SD-AGENT SW-DIST.SD-CMDS SW-DIST.SD-ENG-A-MAN Automatic Reboot?: Yes Status: General Release Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHCO_22590 Symptoms: PHCO_22590: Repackaging of PHCO_20209 (PHCO_20209:) JAGab71751: swagentd aborts on some 10.20 systems after 7-12 days with a segv. JAGab76955: /sbin/init.d/swagentd contained code which could be exploited to damage the local filesystem. PHCO_20534: In certain configurations, the SD commands will always fail, with the message: /usr/sbin/swagentd: Privilege required for operation PHCO_19560: 1. The SD-UX command set includes commands which must be executed by the root user in traditional Unix. 10.26 systems typically do not have active root user accounts and therefore the SD-UX command set needs a way to be run by other authorized users. 2. Repackaging of 10.20 patch PHCO_15206 for TOS. (PHCO_15206:) FSDdtdt22879: PHSS_11482 broke SD-UX commands for users with high UIDs. FSDdt22711: swverify ACL behavior did not match original product design. FSDdt22173, FSDdt22752: Buffer overwrites and data corruption could result from unexpected input, causing abnormal program termination. FSDdt22610: Files written to depots by swpackage could have invalid attributes. FSDdt21069, FSDdt22674, FSDdt22693: RPC data could sometimes become corrupted by swagentd. (PHSS_11482:) This SD patch fixes the following symptoms. These numbers correspond to Defect Description numbers: 1. Swinstall can hang when Glance is running. 2. Scheduled jobs can fail due to inability to save session files such as swinstall.last. 3. Swacl fails to see depot products that contain empty subproducts. 4. Disk space analysis can be wrong when installing patches. 5. The fpkg2swpkg program has incorrect ownership and permissions. 6. Swinstall can fail to make RPC connections when a hostname is longer than 8 characters. 7. Swjob fails to see any jobs on a system when hostname contains a dash character. Defect Description: PHCO_22590: Repackaging of PHCO_20209 (PHCO_20209:) JAGab71751: swagentd code contained an incorrect use of a local automatic variable, resulting in stack corruption in some circumstances. JAGab76955: Don't allow the script to overwrite a pre-existing temporary file. PHCO_20534: The 'chsubjil' privilege was not being raised appropriatly. PHCO_19560: The SD-UX command set was not ported to 10.26. Repackaging of 10.20 patch PHCO_15206 for TOS. Resolution : There is now a command wrapper, "swwrapper", which acts as a security-aware front-end to the SD-UX command set. This wrapper acts implicitly whenever the original commands are specified. The wrapper specifies that the invoking user must possess the sdcmds authorization for all commands except the "swacl" command, which must be invoked by a user with the isso authorization. (PHCO_15206:) FSDdt22879: PHSS_11482 was incorrectly linked. FSDdt22711: Code determining swverify behavior permission behavior did not match original design documentation. FSDdt22173, FSDdt22752: Some malformed input data could be written into buffers which were to small, resulting in abnormal program termination. FSDdt22610: swpackage did not perform adequate checking of file attributes. FSDdt21069, FSDdt22674, FSDdt22693: RPC data was sometimes misinterpreted by swagentd. (PHSS_11482:) This shows details of problems fixed by this patch: 1. A swinstall target agent could hang when swinstall Interactive User Interface was used and TCP protocol was used. This was more likely when Glance was running at the same time swinstall GUI was being used. This patch fixes swagent to avoid the hang. 2. Swagentd did not reset certain environmental variables when starting jobs that were scheduled by non-superuser. This patch corrects the behavior. 3. Swacl could not operate on any product that contained an empty subproduct. This patch fixes swacl to see all products. 4. Scripts in HP-UX patch filesets reserved disk space using units different than used internally in SD. This patch modifies SD to correctly handle disk space numbers supplied by scripts in HP-UX patches. 5. This patch fixes ownership and permissions of the fpkg2swpkg program. 6. SD commands sometimes used the uname function to determine local hostname, truncating the SD copy of local hostname to 8 characters. This patch fixes SD commands to always use the gethostname function, so full length hostname is always used. 7. On a system with hostname containing a dash character, jobs were stored incorrectly. The swjob command can not see those stored jobs. This patch fixes SD commands to store jobs correctly when hostname contains a dash character. Swjob will see all jobs created after this patch. SR: 1653189134 1653186429 Patch Files: /usr/lbin/sw/control_utils /usr/lbin/swagent /usr/lib/nls/msg/C/swpackage.cat /usr/lib/nls/msg/C/swutil.cat /usr/lib/sw/sys.defaults /usr/lib/sw/ui/C/smc_jobopts.ui /usr/lib/sw/ui/C/smc_targets.ui /usr/sbin/fpkg2swpkg /usr/sbin/pushAgent /usr/sbin/sd /usr/sbin/swacl /usr/sbin/swagentd /usr/sbin/swconfig /usr/sbin/swcopy /usr/sbin/swdepot /usr/sbin/swinstall /usr/sbin/swjob /usr/sbin/swlist /usr/sbin/swmodify /usr/sbin/swpackage /usr/sbin/swreg /usr/sbin/swremove /usr/sbin/swverify /usr/share/man/man1m.Z/pushAgent.1m /usr/sbin/swwrapper /etc/auth/system/files.fcdb/05.base/PHCO_19560.fcdb /etc/auth/system/files.fcdb/05.base/PHCO_20534.fcdb /sbin/init.d/swagentd what(1) Output: /usr/lbin/sw/control_utils: $Revision: 5.15 $ /usr/lbin/swagent: $Revision: 5.1, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, AGENT, PHCO_20209, Optimized, Built Dec 1 4 1999 09:17:24$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/lib/nls/msg/C/swpackage.cat: None /usr/lib/nls/msg/C/swutil.cat: None /usr/lib/sw/sys.defaults: None /usr/lib/sw/ui/C/smc_jobopts.ui: None /usr/lib/sw/ui/C/smc_targets.ui: None /usr/sbin/fpkg2swpkg: None /usr/sbin/pushAgent: None /usr/sbin/sd: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swverify: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swacl: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swconfig: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swcopy: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swdepot: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swinstall: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swjob: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swlist: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swreg: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swremove: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, CONTROLLER, PHCO_20209, Optimized, Built Dec 14 1999 09:18:09$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swagentd: $Revision: 5.1, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, DAEMON, PHCO_20209, Optimized, Built Dec 14 1999 09:18:48$ /usr/sbin/swmodify: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, PACKAGER, PHCO_20209, Optimized, Built De c 1 1999 11:55:21$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swpackage: $Revision: 5.2, SD-OV/A.01.02.16, SD-UX/B.10.20.00.1 6, PACKAGER, PHCO_20209, Optimized, Built De c 1 1999 11:55:21$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/share/man/man1m.Z/pushAgent.1m: None /usr/sbin/swwrapper: 1999/11/29 Hewlett-Packard HP-UX 10.26 TOS [ ic5dy - DAV17 ] 99/11/24 seccmd/sdcmds/swwrapper.c, hpux, hpux_10.26 , ic5dy Revision 1.10 PATCH_10.26 (PHCO_2053 4) /etc/auth/system/files.fcdb/05.base/PHCO_19560.fcdb: None /etc/auth/system/files.fcdb/05.base/PHCO_20534.fcdb: 99/11/24 etc/auth/system/files.fcdb/05.base/PHCO_205 34.fcdb, hpux, hpux_10.26, ic5dy Revision 1. 1 PATCH_10.26 (PHCO_20534) /sbin/init.d/swagentd: $Revision: 1.3 cmd/init.d/swagentd, hpux, hpux_10.26 , ic5fg $ $Date: 00/10/26 11:20:27 $ Hewlett -Packard Co. 00/10/26 cmd/init.d/swagentd, hpux, hpux_10.26, ic5f g Revision 1.3 PATCH_10.26 (PHCO_22590) $Revision: 5.9 $ cksum(1) Output: 1872983272 47164 /usr/lbin/sw/control_utils 3146856911 954368 /usr/lbin/swagent 521435351 27364 /usr/lib/nls/msg/C/swpackage.cat 3050554707 64944 /usr/lib/nls/msg/C/swutil.cat 1201548098 99079 /usr/lib/sw/sys.defaults 4160945067 73233 /usr/lib/sw/ui/C/smc_jobopts.ui 859042836 11655 /usr/lib/sw/ui/C/smc_targets.ui 2004123118 192672 /usr/sbin/fpkg2swpkg 2737907432 110869 /usr/sbin/pushAgent 3551385249 1609728 /usr/sbin/sd 3551385249 1609728 /usr/sbin/swverify 3551385249 1609728 /usr/sbin/swacl 3551385249 1609728 /usr/sbin/swconfig 3551385249 1609728 /usr/sbin/swcopy 3551385249 1609728 /usr/sbin/swdepot 3551385249 1609728 /usr/sbin/swinstall 3551385249 1609728 /usr/sbin/swjob 3551385249 1609728 /usr/sbin/swlist 3551385249 1609728 /usr/sbin/swreg 3551385249 1609728 /usr/sbin/swremove 4259575647 446464 /usr/sbin/swagentd 1999363315 770048 /usr/sbin/swmodify 1999363315 770048 /usr/sbin/swpackage 3758846892 4931 /usr/share/man/man1m.Z/pushAgent.1m 405936254 16384 /usr/sbin/swwrapper 4294967295 0 /etc/auth/system/files.fcdb/05.base/ PHCO_19560.fcdb 970055129 2869 /etc/auth/system/files.fcdb/05.base/ PHCO_20534.fcdb 2666661 11682 /sbin/init.d/swagentd Patch Conflicts: None Patch Dependencies: s700: 10.26: PHCO_20022 PHCO_20325 s800: 10.26: PHCO_20022 PHCO_20325 Hardware Dependencies: None Other Dependencies: This patch depends on the reboot(1M) patch. Please insure that patch PHCO_20325 or its superseded patch is already installed. Supersedes: PHCO_19560 PHCO_20534 Equivalent Patches: PHCO_20209: s700: 10.20 s800: 10.20 Patch Package Size: 4420 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHCO_22590 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHCO_22590.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHCO_22590. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHCO_22590.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHCO_22590.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: 1) The cumulative manpages patch PHCO_20022 or its superseded patch must also be installed. 2) The reboot(1M) patch PHCO_20325 or its superseded patch must also be installed. 3) The message in the swagent.log regarding ": No such file or directory" can be ignored if you swremove this patch from the system. This is due to a known problem with the tar command dealing with softlink.