Patch Name: PHNE_15544 Patch Description: s700_800 10.20 kftpd(1M) and kftp(1) Y2K cumulative patch Creation Date: 98/06/10 Post Date: 98/07/07 Hardware Platforms - OS Releases: s700: 10.20 s800: 10.20 Products: N/A Filesets: InternetSvcSec.INETSVCS-SEC InternetSvcSec.ISEC-ENG-A-MAN Automatic Reboot?: No Status: General Release Critical: No (superseded patches were critical) PHNE_10011: OTHER A timing problem could occur on receipt of a simultaneous data close and ABORT. Path Name: /hp-ux_patches/s700_800/10.X/PHNE_15544 Symptoms: PHNE_15544: * ftp: problem with passing files. * FTP Newer command does not work as documented if file does not exist. * FTP:don't get error message if filesystem gets full. * Proxy Get command not working. * ftpd does not allow ports under 1024 even with -p option. * FTP giving error 425:Can't create data socket. * have inbound/outbound transfer logging in ftpd. * FTP Newer command has problem handling dates. PHNE_10011: (kftpd) * A ftp client could interrupt a data transfer by sending a data close and an ABORT. A timing problem has been observed on the kftpd side. PHNE_9786: (kftpd) * ftpd returns a 550 after an NLST when the file is not found. * Privileged ports cannot be specified as a part of the PORT command. * An error message "You've GOT to be joking" is displayed when a client specifies a privileged port as a data-port. * The command modtime displays incorrect date and time for some dates. Defect Description: PHNE_15544: * ftp: problem with passing files. * FTP Newer command does not work as documented if file does not exist. * FTP:don't get error message if filesystem gets full. * Proxy Get command not working. * ftpd does not allow ports under 1024 even with -p option. * FTP giving error 425:Can't create data socket. * have inbound/outbound transfer logging in ftpd. * FTP Newer command has problem handling dates. PHNE_10011: (kftpd) * kftpd has been fixed to handle a simultaneous data close and ABORT appropriately. PHNE_9786: (kftpd) * ftpd returns a 550 after a NLST when a file is not found. The return code was changed to 450 per RFC 959. * An option "-p" has been added. The PORT command can now specify a privileged port as a data-port if this option is set. * The error message "You've GOT to be joking" has been replaced by "Port command failure". * The command modtime now behaves correctly. SR: 4701373696 5003369611 1653245845 5003386581 1653245852 1653254193 1653232942 4701334763 4701346098 5003343970 5003344846 5003322867 Patch Files: /usr/lbin/kftpd /usr/share/man/man1m.Z/kftpd.1m /usr/bin/kftp what(1) Output: /usr/lbin/kftpd: Copyright (c) 1985, 1988 Regents of the University o f California. ftpd.c based on 5.28 (Berkeley) 4/20/89 Secure Internet Svcs - Revision 1.7.212.2 Fri Jun 5 10:50:10 GMT 1998 ftpcmd.y 5.20 (Berkeley) 2/28/89 glob.c 5.7 (Berkeley) 12/14/88 popen.c 5.7 (Berkeley) 2/14/89 logwtmp.c 5.2 (Berkeley) 9/22/88 /usr/share/man/man1m.Z/kftpd.1m: None /usr/bin/kftp: Copyright (c) 1985, 1989 Regents of the University o f California. main.c based on 5.13 (Berkeley) 3/14/89 Secure Internet Svcs - Revision 1.1.212.2 Fri Jun 5 10:48:45 GMT 1998 cmds.c 5.18 (Berkeley) 4/20/89 cmdtab.c 5.9 (Berkeley) 3/21/89 ftp.c 5.28 (Berkeley) 4/20/89 glob.c 5.7 (Berkeley) 12/14/88 ruserpass.c 5.1 (Berkeley) 3/1/89 domacro.c 1.6 (Berkeley) 2/28/89 cksum(1) Output: 2004446519 512000 /usr/lbin/kftpd 1804873779 7823 /usr/share/man/man1m.Z/kftpd.1m 3258613043 516096 /usr/bin/kftp Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_9786 PHNE_10011 Equivalent Patches: None Patch Package Size: 1070 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_15544 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_15544.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_15544.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_15544. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_15544.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_15544.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: The SIS product, if enabled has to be disabled before the installation and removal of this patch. If SIS is enabled during patch installation, the installation will fail with an error. To disable SIS use the following command: '/usr/sbin/inetsvcs_sec disable' After installation use the following command to enable SIS. '/usr/sbin/inetsvcs_sec enable' If SIS is enabled during patch removal,the patch removal will fail with an error. To disable SIS use the following command: '/usr/sbin/inetsvcs_sec disable' After removing the patch use the following command to enable SIS. '/usr/sbin/inetsvcs_sec enable'