Patch Name: PHSS_16193 Patch Description: s700_800 10.24 VirtualVault/SAFE TGP cumulative patch Creation Date: 98/08/24 Post Date: 98/09/01 Hardware Platforms - OS Releases: s700: 10.24 s800: 10.24 Products: VirtualVault/SAFE A.03.00 US/Canada Release; VirtualVault/SAFE A.03.00 International Release Filesets: VaultTGP.TGP-CORE Automatic Reboot?: No Status: General Release Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHSS_16193 Symptoms: PHSS_16193: 1) When a connection is made through the TGP to retrieve a large file, either ascii or binary, then the connection is closed immediately. The client sees "Connection reset by peer". 2) TGP daemon fails to start if there is an unconfigured network interface (not in the UP state) on the system. PHSS_14382: 1) Installing the VirtualVault Trusted Gateway Proxy product causes an error message to be printed on the console during the transition to multi-user mode: getty: failed to open /dev/tty: No such device or address After the error message is printed, the system functions normally, although the TGP daemon must be started manually. 2) The "Start or Stop Trusted Gateway Proxy" screen of the TGP Administration interface does not report any feedback when the TGP is started and some, but not all, of the listening endpoints for the TGP services are established. 3) The "Configure Trusted Gateway Proxy Global Parameters" screen of the TGP Administration interface does not allow the user to create a logfile in / (the root directory). 4) The "Configure Trusted Gateway Proxy Global Parameters" screen of the TGP Administration interface gives a confusing message when the operation is successful. 5) The "Configure Trusted Gateway Proxy Ports" screen of the TGP Administration interface allows non-numeric data to be entered in numeric-only fields. This data will usually be lost when committing the changes to the database, but exact behavior is undefined. 6) Removing the VirtualVault Trusted Gateway Proxy product via swremove(1M) leaves the TGP daemon running until the system is rebooted. Defect Description: PHSS_16193: 1) An internal TGP function assumed that a return value of zero was a failure case and aborted. In cases of heavy data traffic where flow control is more likely, blocking without sending any data is normal. The check of the return value has been changed to only abort if less than zero. 2) The tgpd incorrectly assumed any configured interface should be included in interface list. Only interfaces marked with the UP flag should be included. PHSS_14382: 1) The tgpd line in /etc/inittab has been moved to a position before the cons(ole) line in the file. 2) The tgp-proc interface has been improved to understand partial success events. 3) The tgp-global interface now recognizes a correct pathname with only a single '/' in it. 4) The tgp-global 'success' output message has been made grammatically correct. 5) The input validation routines of the tgp-edit interface now correctly handle the numerical data check. 6) The line to kill the TGP daemon in the TGP unconfigure script has been corrected. SR: 4701384735 5003428979 4701400192 Patch Files: /tcb/lib/tgpd /usr/lib/nls/C/tgp-admin.cat /var/adm/sw/products/VaultTGP/TGP-CORE/configure /var/adm/sw/products/VaultTGP/TGP-CORE/unconfigure /var/opt/vaultTS/inside/vault/bin/tgp-edit /var/opt/vaultTS/inside/vault/bin/tgp-global /var/opt/vaultTS/inside/vault/bin/tgp-proc what(1) Output: /tcb/lib/tgpd: $Source: src/tgproxy/main.c, vaultTGP, vaultTGP_3.0 $Date: 98/08/18 17:18:56 $ $Revision: 1.10.1 .1 PATCH_10.24 (PHSS_16193) $ $Source: src/tgproxy/configuration.c, vaultTGP, vaul tTGP_3.0 $Date: 98/08/18 17:18:56 $ $Revisio n: 1.7.1.1 PATCH_10.24 (PHSS_16193) $ $Source: src/tgproxy/proxy.c, vaultTGP, vaultTGP_3.0 $Date: 98/08/18 17:18:57 $ $Revision: 1.9.1 .1 PATCH_10.24 (PHSS_16193) $ HP VirtualVault, tgpd, revision A.01.00 src/lib/conf/gpent.c, vaultTGP, vaultTGP_3.0 1.4 1 0/07/97 $Source: src/lib/conf/if_info.c, vaultTGP, vaultTGP_ 3.0 $Date: 98/08/18 17:18:59 $ $Revision: 1. 3.1.1 PATCH_10.24 (PHSS_16193) $ lib/libsecurity/identity.c, libsecurity_util, vvos_d avis, davis26 $Date: 97/10/01 15:16:15 $ $Re vision: 1.8 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/mandlib.c, libsecurity_macilb, vvos_ davis, davis26 $Date: 97/10/01 15:16:16 $ $R evision: 1.17 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/privileges.c, libsecurity_util, vvos _davis, davis26 $Date: 97/10/01 15:16:17 $ $ Revision: 1.1.1.12 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/authaudit.c, libsecurity_audit, vvos _davis, davis26 $Date: 97/10/01 15:16:11 $ $ Revision: 1.21 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_conf.c, libsecurity_util, vvos_d avis, davis26 $Date: 97/10/01 15:18:19 $ $Re vision: 1.5 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_nls.c, libsecurity, vvos_davis, davis60 $Date: 97/10/01 16:00:20 $ $Revision : 1.1.1.4 PATCH_10.24 (PHCO_12734) $ Internal_Unsupported_Version libc.a_ID@@/main/r10dav /libc_dav/15 /ux/libc/libs/libc/archive_pa1/libc.a_ID Jul 18 1997 15:26:17 /usr/lib/nls/C/tgp-admin.cat: None /var/adm/sw/products/VaultTGP/TGP-CORE/configure: $Source: src/inst/inst/configure, vaultTGP, vaultTGP _3.0 $Date: 98/08/18 17:18:55 $ $Revision: 1 .11.1.1 PATCH_10.24 (PHSS_14382) $ src/inst/inst/configure, vaultTGP, vaultTGP_3.0 1.1 1.1.1 03/03/98 /var/adm/sw/products/VaultTGP/TGP-CORE/unconfigure: $Source: src/inst/inst/unconfigure, vaultTGP, vaultT GP_3.0 $Date: 98/08/18 17:18:55 $ $Revision: 1.10.1.1 PATCH_10.24 (PHSS_14382) $ src/inst/inst/unconfigure, vaultTGP, vaultTGP_3.0 1 .10.1.1 03/03/98 /var/opt/vaultTS/inside/vault/bin/tgp-edit: HP VirtualVault, tgp-edit, revision A.01.00 src/lib/conf/gpent.c, vaultTGP, vaultTGP_3.0 1.4 1 0/07/97 $Source: src/lib/conf/port.c, vaultTGP, vaultTGP_3.0 $Date: 98/08/18 17:18:58 $ $Revision: 1.5.1 .1 PATCH_10.24 (PHSS_14382) $ $Source: src/lib/conf/if_info.c, vaultTGP, vaultTGP_ 3.0 $Date: 98/08/18 17:18:59 $ $Revision: 1. 3.1.1 PATCH_10.24 (PHSS_16193) $ /var/opt/vaultTS/inside/vault/bin/tgp-proc: $Source: src/admin/cgi/tgp-proc/tgp-proc.c, vaultTGP , vaultTGP_3.0 $Date: 98/08/18 17:18:54 $ $R evision: 1.5.1.1 PATCH_10.24 (PHSS_14382) $ HP VirtualVault, tgp-proc, revision A.01.00 /var/opt/vaultTS/inside/vault/bin/tgp-global: $Source: src/admin/cgi/tgp-global/tgp-global.c, vaul tTGP, vaultTGP_3.0 $Date: 98/08/18 17:18:54 $ $Revision: 1.6.1.1 PATCH_10.24 (PHSS_14382 ) $ HP VirtualVault, tgp-global, revision A.01.00 src/lib/conf/gpent.c, vaultTGP, vaultTGP_3.0 1.4 1 0/07/97 cksum(1) Output: 3225052915 533970 /tcb/lib/tgpd 2558705121 5894 /usr/lib/nls/C/tgp-admin.cat 3880451814 3850 /var/adm/sw/products/VaultTGP/TGP-CORE/ configure 3755516751 3628 /var/adm/sw/products/VaultTGP/TGP-CORE/ unconfigure 512937234 65753 /var/opt/vaultTS/inside/vault/bin/tgp-edit 696184324 28746 /var/opt/vaultTS/inside/vault/bin/tgp-proc 2272060035 36997 /var/opt/vaultTS/inside/vault/bin/ tgp-global Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHSS_14382 Equivalent Patches: None Patch Package Size: 740 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_16193 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHSS_16193.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHSS_16193.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_16193. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHSS_16193.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_16193.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: This patch replaces the TGP daemon (tgpd) executable file. The tgpd process will be stopped during patch installation and is not automatically restarted upon patch completion. Therefore, you will need to restart the tpgd to re-enable TGP services on this system.