Patch Name: PHNE_6976 Patch Description: s700_800 10.01 Raptor Systems Eagle International 3.0 patch Creation Date: 96/03/06 Post Date: 96/04/01 Hardware Platforms - OS Releases: s700: 10.01 s800: 10.01 Products: J2689AA Raptor Eagle System 1.0 J2693AA Raptor Eagle System 1.0 Filesets: RaptorEagleRemot.EAGLE-RUN,r=1.0 Automatic Reboot?: No Status: General Release Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHNE_6976 Symptoms: PHNE_6976: Level 8: - Xwindows enhancement Level 7: - Firelogd crashes. A process listing shows that firelogd isn't running while the other firewall daemons are. Level 6: - DNS enhancements Level 5: - DNS enhancements Level 4: - DNS enhancements Level 3: - EagleLan isn't able to connect to the controlling Eagle firewall after rebooting. - Eagle daemons did not always startup during system boot. Level 2: - EagleMobile connections to Eagle or Eagle Lan firewall fail after setup information is verified to be correct. - EagleMobile setup would not work if the EagleMobile was behind an EagleLAN. Level 1: - The display program did not recognize that enhanced rules were in use. Consequently, it would start up gwcontrol in basic rule scan mode even if the configuration specified enhanced rule scan. - gwcontrol crashed in certain cases when rules that deny users or groups are exercised. - Zombie httpd processes would be left over under heavy http loads resulting in the process table filling up. - Telnet and ftp access through the firewall for rules using SecurID did not obey user limit restrictions. Defect Description: PHNE_6976: Level 8: - Xwindows enhancement Level 7: - nettl & netfmt may not be running at the time firelogd is executed. If they are not then firelogd is now smart re-engineered to wait until nettl & netfmt are running. Level 6: - DNS enhancements Level 5: - DNS enhancements Level 4: - DNS enhancements Level 3: - startgw: execute readhawk before readeagle for Eagle Lan - raptor: nohup startgw Level 2: - fixes kernel bug in Eagle & EagleLAN's so that mobile can properly connect - fixes vpn program bug - Eagle address was not being downloaded to EagleLan Level 1: - display: fixes problem caused by not understanding gwcontrol flags - ftpd: fixes SecureID user limits bug - gwcontrol: fixes crash with deny user - httpd: fixes defunct process bug - telnetd: fixes SecureID user limits bug SR: 4701316950 Patch Files: /tmp/epi-hpuxv10.tar what(1) Output: /tmp/epi-hpuxv10.tar: Copyright (c) 1985, 1988, 1990 Regents of the Univer sity of California. ftpd.c 5.37 (Berkeley) 6/27/90 ftpcmd.y 5.23 (Berkeley) 6/1/90 vers.c 5.1 (Berkeley) 6/24/90 ftp.c 5.36 (Berkeley) 6/29/90 Copyright (c) 1985, 1988, 1990 Regents of the Univer sity of California. ftpd.c 5.37 (Berkeley) 6/27/90 ftpcmd.y 5.23 (Berkeley) 6/1/90 vers.c 5.1 (Berkeley) 6/24/90 ftp.c 5.36 (Berkeley) 6/29/90 gophitem.C 1.2[cheung] gophserv.C 1.2[cheung] gw.C 1.2[cheung] proxy.C 1.2[cheung] sigs.C 1.2[cheung] tcpsock.C 1.2[cheung] Copyright (c) 1985, 1988, 1990 Regents of the Univer sity of California. ftpd.c 5.37 (Berkeley) 6/27/90 ftpcmd.y 5.23 (Berkeley) 6/1/90 vers.c 5.1 (Berkeley) 6/24/90 ftp.c 5.36 (Berkeley) 6/29/90 cksum(1) Output: 2169489901 2467328 /tmp/epi-hpuxv10.tar Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: None Patch Package Size: 2460 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_6976 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_6976.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_6976.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. The cluster clients must be shut down as described in step 5b. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_6976. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_6976.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_6976.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Install this patch only on system that has the Raptor Eagle System V3.0 International release installed. After this patch is installed via "swinstall", perform the following steps to carry out the actual Eagle patch installation: - cd /tmp - tar xvf epi-hpuxv10.tar - cd epatch - Now, execute the script named "epatch". - Choose option 1 to update to current patch level (8). - Finally, type `E' to exit "epatch". - Reboot your system to restart the Eagle firewall.