Patch Name: PHNE_14985 Patch Description: s700_800 10.X HP X400 D.02.00 cumulative patch Creation Date: 98/05/12 Post Date: 98/05/20 Hardware Platforms - OS Releases: s700: 10.01 10.10 10.20 10.30 s800: 10.01 10.10 10.20 10.30 Products: HP_X.400 D.02.00 Filesets: X400.X400-RUN,D.02.00 X400.X400-RUN,D.02.00.01 X400.X400-GAPI-PRG,D.02.00 X400.X400-GAPI-PRG,D.02.00.01 Automatic Reboot?: No Status: General Superseded Critical: No (superseded patches were critical) PHNE_8148: OTHER OpenMail and other XAPI applications fail. Path Name: /hp-ux_patches/s700_800/10.X/PHNE_14985 Symptoms: PHNE_14985: 5003353862: Problem with ASN.1 parser leaving t files within OQs after issue. D500359067: X4queview utility shows year in the trace information as 100 for year 2000. 1653243790: Mailnodes not in the primary routing table may return NDN not use altrt. 1653238758: If there are persistent transient network problems, some tiems RTS is not returning the message to MTA for generating NDN, after the maximum transfer time (MTT) is crossed. 1653238766: If there are persistent transient network problems, after some time RTS stops sending outbound messages. D500352518: While parsing octect body part the Mapper fails with OM-TEMPORARY ERROR-22 PHNE_13366: 5003387977: MTA core dump Power upon receipt of corrupt PDU with more than 5 chars as initials PHNE_11682: 1653217653: RTS is not considering the attempt to connect time to another system (ie that time expired between A_ASSOC_req and Provider_Abort) as part of the maximum time to transfer. 1653218032: XAPI parsing of a message containing a nested generalised text body from an Exchange system failed with an OM_TEMPORARY ERROR and out of memory diagnostic. It was also found that the Content correlator of the PDU was parsed but caused a failure during mt_transfer out. 1653220533: If processing a message containing a blank O/R recipient (resulting from a problem on the sending system) this message has a non-delivery report correctly generated, however parts of the following message becomes corrupted with the contents of the first. 1653223685: Messages generated by the XAPI library contain redundant external trace records in certain circumstances. 1653217000: MTA generates a non-delivery report for a PDU (returned from an RTS delivery attempt) despite the fact that the PDU has been successfully delivered via another route. D500322057: In PHNE_8697/8 MTA and XAPI library only, a single-space ADMD within an O/R address is not processed correctly. The ADMD field generated is zero length in ASN. 1653193615: MTA core dumps with signal 11 when processing message containing a O/R recipient with a large number of directory attributes. 5003376863: Not possible to start up rts as user other than root. PHNE_10898: 1653208546: The maximum time to transfer a message does not operate for any messages after the first when several messages are queued for an adjacent MTA. Once a transfer is started with a message which can not be transferred within the specified time, that first message is correctly returned back to the MTA. However any following large message that takes longer than that time to transfer is transferred completely and is not returned to the MTA. 1653189498: This SR arises because of a problem reported in OpenMail. When processing file transfer body parts, the XAPI library leaves temporary files in /var/opt/x400/tmp. These have the prefix 'g' and contain a copy of the body part. The resulting disc usage was a problem for heavily used systems. 1653148627: When using RFC1327 feature to translate from X400 domain names and RFC822 domain names (using entries in the x42rfc.map file), recipient names are not being correctly mapped in resulting messages sent to sendmail, which rejects them with an NDR indicating User agent not known at destination. D500264606: The RFC1327 facility does not support the wild-card address translation feature (allowing for omitted parts of the domain hierarchy). For example, entries of the form O$@ within the x42rfc.map file are not processed. 5003352682: When using the RFC1327 address translation facility, a valid RFC822 address that appears within a DDA component of an X400 address is not used, though if RFC1327 is disabled then it is used correctly. 1653157339: The HP X400 MTA product does not ignore leading blanks in OR attributes as is required by X.402. In some circumstances when working with other MTAs, this gave rise to looping of messages. PHNE_8697: D500276121: X4admin fails to delete a route under certain circumstances. It seems that for any particular MTA, the first route in the list of routes for that MTA cannot be deleted. Instead, the program outputs the warning: (X4MSG 4536) WARNING: This route contains T.61 characters. You should enter another route containing printable string equivalents for the following fields: Organization Unit Names Domain Defined Attributes A success message is then output although the route is not deleted. 4701263723: Under certain circumstances, the RTS program appears to loop, outputting a large number of errors of the type 04/16-19:49:55 * TOO MANY SESSION EVENTS * (X4EVENT 3551) 04/16-19:49:55 * TOO MANY SESSION EVENTS * (X4EVENT 3551) to the r###.evnt file, and also not responding to the x4stop command. D500284067: An interoperability problem with a new third-party has been identified, relating to the data passed when the RTS makes an initial connection to the adjacent MTA. (This data is contained in the session connection identifier). The adjacent rejects the connect request with a validation failure. 5000716738: Certain truncated or corrupt PDUs when submitted to the MTA cause the MTA to loop. Excessive CPU is consumed and the program does not respond to the x4stop command. D500283655: Access to files necessary to support X400 under MC/ServiceGuard available only with the OpenMail product, and so are not available when running X400 "standalone". D500283663: With the introduction of sendmail version 8.7 on HP-UX 10.20 the HP X.400 sendmail gateway no longer works. With the new format of the sendmail.cf file, x4mailer is not recognised as the relevant sendmail mailer. PHNE_8148: D500271205: XAPI library in released version of HP X.400 D.02.00 (on the August 1996 applications release media) is not backwards compatible with previous versions of the product. As a result, it will not function correctly with OpenMail or with any existing user applications that utilise the API. D500271593: A further change was made to make the product conformant with the latest MAWG spec in the area of file transfer body part data element creation. However this has given rise to interoperatability problems with other existing MTAs that do not support the latest version of the spec. (Messages received from the HP MTA appeared corrupt). Defect Description: PHNE_14985: 5003353862: While processing the corrupted PDUs , which caused the MTA to loop indefinetely was fixed in the patch PHNE_8698 for SR5000716738. However the result leaves t files in the the /oq directory.The parser creates a t file in OQ at the time of formatting the PDU.As per the previous fix , while formating and copying the content part of PDU, as soon as it detects the corruption in PDU, it just moves the original PDU to UQ, leaving the t file in OQ as such. The current fix before moving the PDU to UQ, deletes the t file in OQ directory. D500359067: While processing trace information the year field should be displayed as mod of 100. 1653243790: While handling messages without having matching route in the primary routing table , the previous algorithm checks for the default route and routes it to default MTA. If there is no default , it generates NDNa. If the message has returned from default route, it doesnot check for the alternate route for default , instead sends NDN.The current fix checks for the alternate link to default route and if exists it routes the message to the alternate link.If that alternate link to default also fails, it checks for the next alternate link and try to reroute the message. Once there are no more alternate links to default route, an NDN will be generated. 1653238758: RTS, while sending the messages or after sending the messages if there is no response from the adjacent RTS, and MTT is over, then sends a Activity discard request and waits for the response. If there is no response waits indefinitely, and so not returning the message to MTA, for NDN. This has been modified so that if MTT is over and no responses, then RTS will abort the connection and give the message to MTA. (Fixed in RTS version D.02.00.10). To enable this patch /etc/opt/x400/.ub_on_timeout file must exist 1653238766: If RTS is not able to establish connection with adjacent RTS within the MTT (No confirmation for connect request) because of transient network problems, RTS give back the message to MTA for NDN, without actually closing the attempted connection. Since there are only 128 concurrent connections to OTS stack is possible after 128 unscucessful connections, RTS can't get new connection ids from OTS. So RTS will not be able to send outgoing messages. This is has been fixed, so that RTS will send an user abort after unsuccessful connection. (Fixed in RTS version D.02.00.10). To enable this patch /etc/opt/x400/.ub_on_timeout file must exist. D500352518 While parsing the octet body part, if there is a failure, the read_octv function returns -1, if success there is not return statement and so some garbage is returned. So eventhough the read_octv function is success, the return value may be negative and hence the failure. File changed ext.c PHNE_13366: 5003387977: The initials field allows only 5 char per standard definition. The length overrun was not detected by the parser and caused the core dump. All Teletext attributes were using double the length for each attirbute. This (e.g. 2*INITAILS_LEN) incorrect, even though Teletex characters might be composed characters and was not carried through all occurrences of all automatic code generations. The mta code for example does not know about the 2*Length and allocated only the single length. The automatic length check was overwritten by the 2*Length and therefore did not detect a problem. PHNE_11682: 1653217653: RTS so far assumed that the time between an initial connection request and matching response (or Provider Abort) is negligible. This may not the case in an X.25 environment which can be slow to respond, whether or not the remote system is running. This elapsed time is now measured and taken into account when determining if the configured maximum time to transfer a message limit has been exceeded. (Fixed in RTS version D.02.00.04) 1653218032: The routine to parse general text was not correctly processing a multiple (nested) constructed OCTET STRING. This routine has been rewritten to correct this defect. An additional problem was corrected where a particuler PDU was parsed but caused a failure during mt_transfer out. The syntax of the PDU-content generator was written as an OM_OCTET_STRING API Object, when the correct syntax is OM_S_ENCODED_STRING. (Fixed in MTA version D.02.00.07 and XAPI library D.02.00.07) 1653220533: As a result of receiving a message in which one O/R recipient was empty, the MTA generated a NDN for this recipient and then attempted to transfer the message to the other recipients. The NDN generation succeeded but removed the P22 content from memory as well as the files containing the body parts. This caused the following generation of transfer PDUs to run with uninitialised data. Temporary (t) files are generated which contain the resulting incomplete PDUs. The P22 structures and body part files are now only removed if all processing for this message has been finished. (Fixed in MTA version D.02.00.05) 1653223685: This problem arose as a result of a fix to another defect. It was caused by an inconsistency between the ASN parsing code (used by the MTA and XAPI library) which incorrectly sets the ADMD field of the Global Domain Identifier to be an optional field, and other XAPI code which declares it is mandatory. This allowed the parsing of an incorrect PDU and later caused problems generating NDN's or forwarded messages derived from it, including the addition of external trace records containing a blank ADMD field. (Fixed in MTA version D.02.00.06 and XAPI library D.02.00.06) 1653217000: The routine that copies the PDU file back to the MTA queue was using a active PDU name (M????) instead of a temporary name during the copy process. This was detected by the MTA how then tried to process the PDU before it was completely copied. The routine now uses a temporary name which is ignored by the MTA until the name is activated. The change was in the RTS code. (Fixed in RTS version D.02.00.05) D500322057: This problem derives from a side-effect to a fix in the previous patch (SR 1653157339). The code added in there to strip leading spaces from ADMD fields did not account correctly for the special case of a single space ADMD. (Fixed in MTA version D.02.00.04) 1653193615: When processing an O/R name with a large number of directory attributes, a buffer used to convert object ids into printable string is only appended to, and is never reset to zero length each time. Therefore the mta eventually runs out of allocated buffer space and core dumps. (This was actually fixed in PHNE_10898, but was omitted from the patch documentation) 5003376863: The permissions on the rts program file have been incorrectly set in patches PHNE_8697 and PHNE_10898 on 10.x: it should have an ownership of user:root instead of user:x400. PHNE_10898: 1653208546: The reported symptom shows because the transfer timer is not properly reset after a timeout. This problem has been fixed as follows: The transfer timer is started before the AP-Connect request (to catch a possible timeout due to non-responding RTS peer). It is then cleared and re-started on each PDU that is transmitted. If a PDU transmission fails because of excessive length or network problems, it is returned to the MTA for re-routing. 1653189498: The XAPI was creating temporary files and did not remove them. The handling of FTBP15 messages has been changed to remove these temporary files. 1653148627: This problem resulted from a situation where mapping would either not take place at all, or that it did not take place in a case-insensitive way. The x4mailer program has been corrected to deal with these situations. D500264606: Code to support the wild-card address translation capability did not exist and has now been provided. Now, a wild-carded element in the map files is effectively ignored in the construction of an X400 address from and rfc822 address, and in the reverse will not be prepended to the domain address when this is constructed from an X400 address. 5003352682: Code to support extraction of rfc-822 addresses from a DDA element when RFC1327 is enabled did not exist and has now been provided. 1653157339: The parsing and formatting routines are taking the O/R addresses as received from PDU or calling routines. This handling is non-conformant to X.402. The MTA parsing has been changed to convert any incoming Standard Attributes and Domain Defined Attributes (of O/R Names and Global ID's) to conform to X.402 character restrictions, which are that leading, trailing or more than one consecutive embedded space characters will be ignored. The XAPI interface is also affected. Both the MTA and XAPI interface will accept non-conforming Standard Attributes and DDAs, but will convert them to and transmit them in the conforming format. PHNE_8697: D500276121: A defect was introduced into x4admin which prevented the deletion of the first route of an MTA during the development of unrelated enhancements. This patch corrects that defect. 4701263723: A looping RTS arises from an unexpected (incorrect) return code from OTS, that occurs when an RFC1006 subnet was configured and no 802.3 subnet, and the NSAP is invalid for an adjacent MTA. OTS returns the primitive code 0x8422, rather than sending a provider abort indication to the RTS as it should. This patch includes an interim fix that prevents the RTS looping and makes it possible to shut down in the conventional way. The RTS will stall when it hits the invalid address, although the relevant MTA can be determined from the last r### file logged to. D500284067: The contents of the session connection identifier (SCID) were rejected because the TSAP of the local system transmitted to the remote system is in the incorrect format, although previously tested MTAs do not validate the field so rigidly. 5000716738: When copying a truncated PDU to the output queue for subsequent transmission, the length taken for the body part is taken to be that recorded in the PDU, even though truncation has taken place. Looping resulted because the MTA failed to register when end of file had been hit. The offending PDU is now transferred to the undeliverable queue, and this is indicated in the event file. D500283655: Files necessary to build up an MC/ServiceGuard package to support HP X.400 not released with HP X.400, but only with OpenMail. The necessary files are included in this patch: /opt/x400/newconfig/control.sh /opt/x400/newconfig/services.ascii (empty) D500283663: The format of sendmail.cf has changed such that the x4smupdate script no longer comments out the relevant entries in the file to make x4mailer the sendmail mailer for X400. This patch includes a corrected version of x4smupdate. NOTE: To make use of the HP X.400 sendmail interface on HP-UX 10.20 the patch PHNE_8702 (and NOT PHNE_8011 as indicated elsewhere), a patch to sendmail itself, MUST be installed. PHNE_8148: D500271205: This results from a change to the EMA MAWG spec for the File Transfer Body Part, relating to the object items IM_SIZE and IM_LAST_MODIFICATION_DATE. The released D.02.00 product assigned values to these items as per the latest specification. However this gave rise to compatibility problems, and so the values have been reversed, in keeping with the version of the spec supported by HP X.400 D.01.01 and earlier. D500271593: A further change was made to make the product conformant with the latest MAWG spec in the area of file transfer body part data element creation, so that the data is encoded as OCTET_ALIGNED, rather than as a SINGLE_ASN1_TYPE. This patch reverts that change. SR: 5003353862 D500359067 1653234790 1653238758 1653238766 D500352518 5003387977 1653217653 1653218032 1653220533 1653223685 1653217000 D500322057 1653193615 5003376863 1653157339 1653208546 1653148627 1653189498 D500264606 5003352682 D500276121 4701263723 D500284067 5000716738 D500283655 D500283663 D500271205 D500271593 Patch Files: /opt/x400/lbin/admin /opt/x400/lbin/rts /opt/x400/lbin/mta /opt/x400/bin/x4smupdate /opt/x400/bin/x4queview /opt/x400/lib/gtwapi/libMT.a /opt/x400/lbin/x4mailer /opt/x400/newconfig/control.sh /opt/x400/newconfig/services.ascii /opt/x400/lib/gtwapi/ximp88 /opt/x400/lib/gtwapi/include/ximp.h /opt/x400/bin/patch/PHNE_14985/ompatch.idx what(1) Output: /opt/x400/lbin/admin: X400-RUN: D.02.00.01 $Date: 96/09/02 11:29:01 $ /opt/x400/lbin/rts: X400-RUN: D.02.00.10 $Date: 98/04/28 07:29:40 $ /opt/x400/lbin/mta: X400-RUN: D.02.00.09 $Date: 98/04/28 06:36:19 $ /opt/x400/bin/x4smupdate: X400-RUN: D.02.00.01 $Date: 96/11/13 09:25:41 $ /opt/x400/bin/x4queview: X400-RUN: D.02.00.01 $Date: 98/05/04 08:27:52 $ /opt/x400/lib/gtwapi/libMT.a: X400-GTWAPI: D.02.00.09 $Date: 98/04/28 08:38:34 $ /opt/x400/lbin/x4mailer: X400-RUN: D.02.00.01 $Date: 97/01/30 18:12:48 $ 9.X nsswitch patch Rev B /opt/x400/newconfig/control.sh: No what strings /opt/x400/newconfig/services.ascii: No what strings /opt/x400/lib/gtwapi/ximp88: No what strings /opt/x400/lib/gtwapi/include/ximp.h: No what strings /opt/x400/bin/patch/PHNE_14985/ompatch.idx: No what strings cksum(1) Output: 4037327546 1302788 /opt/x400/lbin/admin 484552335 630784 /opt/x400/lbin/rts 2398672503 987136 /opt/x400/lbin/mta 3667907843 4931 /opt/x400/bin/x4smupdate 606358866 679936 /opt/x400/bin/x4queview 1403320782 1429980 /opt/x400/lib/gtwapi/libMT.a 2874021217 847872 /opt/x400/lbin/x4mailer 1964020355 26436 /opt/x400/newconfig/control.sh 4294967295 0 /opt/x400/newconfig/services.ascii 2741427272 3358 /opt/x400/lib/gtwapi/ximp88 2736031739 8589 /opt/x400/lib/gtwapi/include/ximp.h 798356736 26332 /opt/x400/bin/patch/PHNE_14985/ompatch.idx Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_8148 PHNE_8697 PHNE_10898 PHNE_11682 PHNE_13366 Equivalent Patches: PHNE_14986: s700: 9.01 9.03 9.05 9.07 s800: 9.00 9.04 Patch Package Size: 5880 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_14985 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_14985.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_14985.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_14985. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_14985.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_14985.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: SUBSYSTEM_SHUT 1. General HP X.400 and any applications utilising the XAPI interface must be shut down before installing this patch. 2. XAPI Interface The following applies to the HP X.400 released on the August 1996 Applications Release media ONLY. - This patch MUST be installed if using HP X.400 version D.02.00 in conjunction with OpenMail. - This patch MUST be installed if using HP X.400 version D.02.00 with any previously created user applications that utilise the XAPI programmatic interface - Any XAPI applications that were built using the XAPI library and header files MUST be recompiled and relinked with this patch installed. The cause of the problem giving rise to the above requirements has been fixed in the subsequent applications release (November/December 1996). This patch can be installed over that version of HP X.400 with no adverse effect. 3. MC/ServiceGuard support of HP X.400 Standalone The support of OpenMail and X400 together under MC/ServiceGuard is described at length in the document "OpenMail MC/ServiceGuard Technical Guide", which can be found under the Enterprise Messaging Encyclopedia on the web. (Go to URL location: http://www.ice.hp.com and search for "ServiceGuard".) It is strongly recommended that this document is read thoroughly before proceeding. The files provides in this patch provide the means to run HP X400 under MC/ServiceGuard, without OpenMail also being installed. The control.sh file is a template and will require editing to suit the requirement of the system on which HP X.400 is installed. Where references to the file /opt/openmail/newconfig/omsg/control.sh are made in the above document (see "Creating the Package"), the control.sh file supplied in this patch should be used. The services.ascii file should also be substituted. 4. Session Connection ID format change The following steps should be taken in the specific circumstance where an interoperability problem occurs with another X400 system, relating to the format of the session connection identifier. Two problems have been encountered, which are corrected by the presence of the indicated trigger files when the RTS program is started. a) If the adjacent MTA is configured with: "use unstructured SCID = N", the session connect id (SCID) is not T61 encoded. This has been found to be a problem for some X400 products, and is corrected by the presence of the files: /etc/opt/x400/.send_t61_callid (on 10.x) or /usr/lib/x400/.send_t61_callid (on 9.x). (Just "touching" the file is sufficient). b) To ensure that the local TSAP (or local SSAP if one is configured) is encoded in the SCID character for character rather than as a string of characters equivalent to the hex representation (eg as "MHS" (hex 4D 48 53) rather than "4D4853" (hex 34 44 34 38 35 33)) touch the file: /etc/opt/x400/.plain_copy_callid (on 10.x) or /usr/lib/x400/.plain_copy_callid (on 9.x). Note: The default behaviour of the RTS is unchanged. 5. Sending User abort if MTT times out and No response To ebnable RTS to send user abort on timeout (SR 1653238758 and 1653238766 of patch PHNE_14985), the file /etc/opt/x400/.ub_on_timeout special must exist. To create the file, log on as x400 user and execute the following command touch /etc/opt/x400/.ub_on_timeout for HP UX-10.x Note: The default behaviour of the RTS is unchaged