Patch Name: PHCO_8981

Patch Description: s700_800 10.10 libc cumulative patch

Creation Date: 96/12/02

Post Date: 96/12/10

Hardware Platforms - OS Releases:
    s700: 10.10
    s800: 10.10

Products: N/A

Filesets:
    OS-Core.C-MIN
    OS-Core.CORE-SHLIBS
    ProgSupport.PROG-MIN
    ProgSupport.PROG-AUX
    OS-Core.UX-CORE

Automatic Reboot?: No

Status: General Superseded

Critical:
    No (superseded patches were critical)
    PHCO_8763: CORRUPTION

Path Name: /hp-ux_patches/s700_800/10.X/PHCO_8981

Symptoms:
    PHCO_8981:
    The libc routine ulckpwdf always returns -1. As a result,
    the /etc/.pwd.lock can not be unlocked.
    DSDe431142, SR5003338038.

    Memory leak in globfree().
    DSDe431962, SR5003344192.

    If given weekday is the same as today and within the last
    7 days of the month, getdate() would return an Error 8.
    DSDe431143, SR1653185629.

    In non-C locales, non-blank lines would match pattern ^$
    for regcomp().
    DSDe431505 DSDe432126.

    User applications hit a limit of 1023 for number of sets
    in a message catalog.
    DSDe431644, SR5003341271.

    Call to tempnam(), mktemp() and mkstemp() sometimes returned
    a dangling symlink as the name for a temporary file.
    SR1653189134.

    The strptime and getdate calls did not handle two digit
    year specifications in the same manner. This has been
    addressed by providing strptime and getdate with an
    alternative behavior for dealing with two digit year
    specifications. In order to obtain the alternative behavior,
    which interprets two-digit year values in the range 66-99
    to refer to the twentieth century and values in the range
    00-68 to refer to the twenty-first century, the executable
    must link with the supplied object file,
    /usr/lib/year2000.o. Existing executables will continue to
    get the compatible behavior.
    DSDe430766, SR4701334763.

    The getdate() routine fails with a signal 11 segmentation
    violation when accessing a datemask file that contains a
    very large number of alternative date formats.
    DSDe429925, SR1653176883.

    PHCO_8763:
    Random truncation of strings with strcat due to fix
    attempted in PHCO_8369.

    PHCO_8369:
    Significant performance degradation of regular expression
    processing in 10.X compared to 9.x. Affects awk, grep, sed,
    etc.

    The readdir() call may inadvertently call a user-defined
    routine.

    getcwd returns EINVAL when a negative buflen is passed in.

    memchr tries to read beyond end of valid memory when char
    is not found in the string and may core dump.

    Sometimes strcat would attempt to access an unmapped page
    of memory.

    - The group permissions of the parent directory of the home
      directory does not have to be set for "all" for the
      ".rhosts" check to succeed. The "rhosts" check changes
      the effective group id to the real group id before
      opening ".rhosts" file.
    - ruserok() did not properly parse the username in
      hosts.equiv.

    PHCO_7799:
    Runtime message catalog functions only support 255 message
    groups.

    When customer runs command: setprivgrp -g LOCKRDONLY, the
    NIS system hangs.

    regexec does not find pattern "(a*|b)c" in input "c"

    Call to setlocale() caused LC_ALL string to become corrupt.

    If the ndots resolver option is configured in
    /etc/resolv.conf and res_init() is directly or indirectly
    called, a memory leak will occur. Applications using
    gethost*() API's or directly using resolver API's (res_*())
    in a DNS environment are open to this problem.

    "$^" with REG_NEWLINE matches all lines, not just empty.

    PHCO_6809:
    Undocumented behavior for strncpy was missing.

    qsort performs very badly on sorted blocks of data -
    customer found that qsort on a file with 100,000 randomly
    sorted records took seconds, whereas a file of 100,000
    records containing large sorted blocks took over an hour
    to sort.

    Under certain circumstances, a regcomp(3) memory leak
    causes an Uninitialized Memory Read from within regfree(3).

    On 10.10 a call to fileno() with a NULL parameter simply
    returns NULL - that is until you have linked in libdce.sl
    which enables the thread safe version of fileno which core
    dumps when passed a NULL parameter.

    getutent_r, getutid_r, and getutline_r tests core dumped.

    Repeated calls to setlocale(3c) expose a memory leak.

    yp_bind routine doesn't time out, and will try forever if
    the server is not found.

    PHCO_6777:
    Also to fix the return value of sysconf() there are changes
    being made there.

    On 10.10 a call to fileno() with a NULL parameter simply
    returns NULL - that is until you have linked in libdce.sl
    which enables the thread safe version of fileno which core
    dumps when passed a NULL parameter.

    PHCO_6596:
    Under some circumstances registers were not being properly
    saved prior to calling signal handlers.

    setcontext() occasionally returns 100 to indicate success.
    Changes to always return 0 for success as required by
    Standards.

    Multiple calls to gettxt() would result in a "too many
    open files" error.

    telldir() returns an incorrect offset zero for the end of
    directory record.

    strptime(3c) does not return the correct information for
    12:xx am.

    Includes change to getpwent.c in function matchname() so
    that it returns 1 instead of 0 if it finds the name under
    the MINUS section. Also includes change to getgrent.c so
    that interpret will stop processing if it finds a MINUS as
    part of the name.

Defect Description:
    PHCO_8981:
    If you lock /etc/.pwd.lock using lckpwdf, there is no way
    to determine that it was unlocked, because ulckpwdf always
    returns -1.

    Allocated memory was not properly free'd by globfree()
    after use.

    The day of the month was being improperly adjusted for the
    case when the day of the week matched today.

    Pattern map was set such that it would continue matching
    past end of pattern.

    The maximum number of message sets allowed in a message
    catalog was not high enough; it has been increased to
    65535.

    The tempnam(), mktemp() and mkstemp() APIs did not check
    for a dangling symlink before returning it and this has
    been fixed now.

    The strptime and getdate calls were not consistent in the
    manner in which they handled two digit year specifications.

    When a very large template file is used, and the getdate()
    routine has to search far into the file to find a matching
    format specifier, getdate() overran the allocated array.

    PHCO_8763:
    The fix for strcat's page boundary problem caused
    truncation of some strings.

    PHCO_8369:
    Poor performance of 10.X regular expression processing in
    comparison to 9.x.

    The readdir() call failed to call the primary definition
    of a public routine.

    According to X/Open, getcwd takes a second argument of
    type of size_t and returns EINVAL only when the second
    argument is 0.

    memchr tries to read beyond end of valid memory when char
    is not found in the string and may core dump.

    The strcat call didn't handle an optimized pre-fetching
    strategy properly, causing the read of bytes belonging to
    unmapped pages.

    1. The "rhosts" check fails if the parent directory of the
       user's home directory does not have the right group
       permissions. Consider the case where the parent
       directory has permissions "710".

           /home          - permissions rwx--x---
           /home/student  - permissions rwx------

       - The directories home and student belong to the same
         group. The "rhosts" check fails when a remote user
         tries to login as "student".
       - This is because the ruserok() routine does not change
         the effective group id to the real group id before
         opening ".rhosts" file.

    2. Usernames in the hosts.equiv file are improperly parsed.
       - The ruserok() code now exhibits the expected and
         documented behavior.

    PHCO_7799:
    Add runtime support for message sets 256 thru 1023.

    Problem is in yp_bind.c. The second function call to
    flock() has a syntax error in the parameter list.
    The first call to flock() is correct.
    When this command is given the second function call to
    flock() is in code which is only invoked when
    Talk2_binder() is called. Then it hangs.

    Fix pmap array needed to be set true for alternation case
    when isfirst set to 0, since it was getting lost on next
    expression for case of
        echo c | grep -E '(a*|b)c'

    A previous fix for a setlocale() memory leak releases
    storage for LC_ALL string before it is appropriate. The
    implementation has been changed to use an internal static
    buffer.

    res_init() leads to the processing of the ndots option.
    In processing the ndots value a routine was called that
    could generate a recursive loop back to res_init(). During
    the recursive loop a memory leak would be generated. The
    code has been redesigned to avoid this loop condition.

    "$^" with REG_NEWLINE matches all lines, not just empty,
    caused by incorrect fix for DSDe427572.

    PHCO_6809:
    Added support back for an undocumented strncpy behavior
    which had been previously removed for performance reasons.

    qsort needed to pick an alternate pivot point when
    detecting sorted or partially sorted data in order to
    improve poor performance.

    When regcomp(3) returns the following error:
        ?, *, or + not preceded by valid regular expression
    the regex_t structure argument has already had memory
    allocated to it, resulting in a memory leak. If regfree(3)
    is called in this case, the result is an Uninitialized
    Memory Read from within regfree.

    The thread-safe version of fileno() is trying to
    dereference a NULL pointer.

    endutent_r() and endutxent_r() assumed that a key had been
    created. This assumption is not valid, and checks have
    been put in to determine what action to take.

    Repeated calls to setlocale(3c) expose a memory leak.

    yp_bind was changed to retry 4 times, then timeout and
    quit if no success.

    PHCO_6777:
    Bug in sysconf().

    The thread-safe version of fileno() is trying to
    dereference a NULL pointer.

    PHCO_6596:
    Multiple calls to gettxt() would result in a "too many
    open files" error.

    telldir() returns an incorrect offset zero for the end of
    directory record.

    strptime(3c) does not return the correct information for
    12:xx am.

    Includes change to getpwent.c in function matchname() so
    that it returns 1 instead of 0 if it finds the name under
    the MINUS section. Also includes change to getgrent.c so
    that interpret will stop processing if it finds a MINUS as
    part of the name.

SR:
    1653159293 5003294843 5003291716 5003290056
    5003320648 1653174425 4701309294 1653155929
    1653169615 5003338038 5003344192 1653185629
    5003341271 1653189134 4701334763 1653176883

Patch Files:
    /usr/lib/libc.a
    /usr/lib/libp/libc.a
    /usr/lib/libpicc.a
    /usr/lib/libc.1
    /usr/lib/.unix95/context.o
    /usr/lib/year2000.o

what(1) Output:
    /usr/lib/libc.a:
        PATCH/10_10 PHCO_8981 $Revision: 76.162.1.14.1.27 $
    /usr/lib/libp/libc.a:
        PATCH/10_10 PHCO_8981 $Revision: 76.162.1.14.1.27 $
    /usr/lib/libpicc.a:
        PATCH/10_10 PHCO_8981 $Revision: 76.162.1.14.1.27 $
    /usr/lib/libc.1:
        PATCH/10_10 PHCO_8981 $Revision: 76.162.1.14.1.27 $
    /usr/lib/.unix95/context.o:
        None.
    /usr/lib/year2000.o:
        None.

cksum(1) Output:
    1215113849 2277808 /usr/lib/libc.a
    855481798 2496766 /usr/lib/libp/libc.a
    10529406 2389576 /usr/lib/libpicc.a
    2169895307 1712128 /usr/lib/libc.1
    1958481032 1356 /usr/lib/.unix95/context.o
    2160124585 476 /usr/lib/year2000.o

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHCO_6596 PHCO_6777 PHCO_6809 PHCO_7799 PHCO_8369 PHCO_8763

Equivalent Patches: None

Patch Package Size: 8730 Kbytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and, limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

           cd /tmp
           sh PHCO_8981

    5a. For a standalone system, run swinstall to install the
        patch:

           swinstall -x autoreboot=true -x match_target=true \
                     -s /tmp/PHCO_8981.depot

    5b. For a homogeneous NFS Diskless cluster run swcluster on
        the server to install the patch on the server and the
        clients:

           swcluster -i -b

        This will invoke swcluster in the interactive mode and
        force all clients to be shut down.

        WARNING: All cluster clients must be shut down prior to
                 the patch installation. Installing the patch
                 while the clients are booted is unsupported and
                 can lead to serious problems.

        The swcluster command will invoke an swinstall session in
        which you must specify:

           alternate root path - default is /export/shared_root/OS_700
           source depot path   - /tmp/PHCO_8981.depot

        To complete the installation, select the patch by choosing
        "Actions -> Match What Target Has" and then
        "Actions -> Install" from the Menubar.

    5c. For a heterogeneous NFS Diskless cluster:

        - run swinstall on the server as in step 5a to install
          the patch on the cluster server.
        - run swcluster on the server as in step 5b to install
          the patch on the cluster clients.

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHCO_8981. If you do not wish to retain a
    copy of the original software, you can create an empty file
    named /var/adm/sw/patch/PATCH_NOSAVE.

    Warning: If this file exists when a patch is installed, the
             patch cannot be deinstalled. Please be careful when
             using this feature.

    It is recommended that you move the PHCO_8981.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

           dd if=/tmp/PHCO_8981.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None
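
Added example, not part of the original HP patch text and not HP's libc code: for the PHCO_8981 defect in which tempnam(), mktemp() and mkstemp() could return a dangling symlink as a temporary file name, this C sketch shows why an existence check that follows symlinks reports such a name as free, how lstat() detects it, and how an exclusive create refuses it. The function names and the /tmp path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if path is a symlink whose target does not exist. */
int is_dangling_symlink(const char *path)
{
    struct stat lst, st;
    if (lstat(path, &lst) != 0 || !S_ISLNK(lst.st_mode))
        return 0;
    return stat(path, &st) != 0 && errno == ENOENT;
}

/* O_CREAT|O_EXCL fails with EEXIST when the name exists in any form,
 * symlink included, so a dangling link is never followed. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario. Bitmask: 1 = access() sees the name as absent,
 * 2 = lstat() check flags it, 4 = exclusive create refused it,
 * 8 = the link target was not created. */
int run_demo(void)
{
    char dir[] = "/tmp/symlink_demo_XXXXXX";  /* hypothetical path */
    char name[128], target[128];
    int result = 0, fd;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(name, sizeof name, "%s/candidate", dir);
    snprintf(target, sizeof target, "%s/missing", dir);
    if (symlink(target, name) != 0) { rmdir(dir); return -1; }
    if (access(name, F_OK) != 0 && errno == ENOENT) result |= 1;
    if (is_dangling_symlink(name)) result |= 2;
    fd = create_exclusive(name);
    if (fd < 0 && errno == EEXIST) result |= 4;
    if (fd >= 0) close(fd);
    if (access(target, F_OK) != 0) result |= 8;
    unlink(target); unlink(name); rmdir(dir);
    return result;
}

int main(void) { printf("mask=%d\n", run_demo()); return 0; }
```

A mask of 15 means all four conditions held: the symlink-following check missed the name, and the lstat() check and the exclusive create both caught it without creating the link target.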