Patch Name: PHSS_19739 Patch Description: s700_800 10.20 HP DCE/9000 1.5 cumulative patch Creation Date: 99/10/05 Post Date: 99/10/06 Hardware Platforms - OS Releases: s700: 10.20 s800: 10.20 Products: HP DCE/9000 1.5 Filesets: DCE-C-Tools.DCE-TOOLS-LIB,B.10.20 DCE-CDS-Server.CDS-SERVER,B.10.20 DCE-Core.DCE-CORE-DTS,B.10.20 DCE-Core.DCE-CORE-RUN,B.10.20 DCE-Core.DCE-CORE-SHLIB,B.10.20 DCE-Core.DCE-JPN-E-MSG,B.10.20 DCE-Core.DCE-JPN-S-MSG,B.10.20 DCE-Core.DCEC-ENG-A-MAN,B.10.20 DCE-CoreAdmin.DCE-ACCT-MGR,B.10.20 DCE-CoreAdmin.DCE-CDSBROWSER,B.10.20 DCE-CoreAdmin.DCE-CORE-DIAG,B.10.20 DCE-CoreTools.DCE-BPRG,B.10.20 DCE-GDS-Server.GDS-SERVER,B.10.20 DCE-SEC-Server.SEC-SERVER,B.10.20 DFS-Core.DFS-CLIENT,B.10.20 DFS-Core.DFS-COMMON,B.10.20 DFS-Core.DFS-JPN-E-MSG,B.10.20 DFS-Core.DFS-JPN-S-MSG,B.10.20 DFS-NFSgateway.DFS-NFS-SERVER,B.10.20 IntegratedLogin.AUTH-COMMON,B.10.20 IntegratedLogin.AUTH-DCE,B.10.20 Automatic Reboot?: No Status: General Release Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHSS_19739 Symptoms: PHSS_19739: 1. JAGaa46651 : The "rpccp" command used in pwd_config fails with "unsupported protocol" error message. 2. JAGaa45926 : CCM servers dump core while communicating with MS-RPC applications. 3. JAGaa47108 : If the client makes a call on an interface supported by the server before the server registers the interface, an error status of rpc_s_unknown_if is reported. 4. JAGaa68656 : RPC connections via TCP/IP from a UNIX to a NT box stay open for 5 minutes rather than closing down within 10 seconds. 5. JAGaa46594 : "account modify" command dumps core intermittently, when the password for an account with organisation name larger than the group name is modified. 6. JAGaa93152 : The DCE startup script gives syntax error, followed by the message "time is within specified tolerance (35 sec)" even when the actual time difference is more than 10days. 7. JAGaa94793: aCC compilation error when dce/cma_ux.h gets included twice. Error 19: "./dce/cma_ux.h", line 319 # Unexpected '}'. 8. JAGaa60133 : DMS observer thread hangs Encina ENM process 9. JAGaa35843 : Links for files libbb.a & trace_log.h and directory hptools are not being created in the HP DCE 1.5 install process. 10. JAGaa93171 : cdsadv dumps core if the host has more than nine network interfaces. 11. JAGab11206 : CDS client does not failover correctly to alternate clearighouses once the preferred clearinghouse goes down. (It gives an Error message "Unable to communicate with any CDS server.") 12. JAGaa60130 : In an Ilogin environment with PHCO_15465 libc patch, user is loosing the group assignments, when using su(1). Problem does not occur when DCE is not used. 13. JAGab16279 : RPC application dumps core after logging RPC_MEM_ALLOC and RPC_CN_AUTH_VFY_CLIENT_REQ failures in fatal.log 14. JAGab16672,JAGab69558,JAGab69562 : Writing to a broken pipe in a threaded appl hogs CPU. example : "swlist -l file | pg" and then q OR ctrl C hogs cpu. 15. JAGaa62517: "dcecp -c directory list /.:" fails with an error message "No currently established network identity for which context exist" PHSS_17596: 1. JAGaa92762 : cma_poll() hogs CPU when the application is not multithreaded. PHSS_16429: 1. If password expiry time is set for a server, multiple keys are generated. 2. The user sees no effect of setting the ERA disable_time_interval if the value is small. 3. Enhancement Request to link libdcecp with libcdsutil and libcdscache. 4. An NCS application makes dced dump core. 5. dcecp reports internal disaster if LANG != C . 6. Request for credentials in sec_key_mgmt_manage_key() and dced every 10 minutes increases network traffic and affects performance. 7. Unnecessary log statement "mismatched seal" is added in the normal flow of code. 8. cdsd keeps the IP address in CDS_CHLastAddress even after it is removed. 9. Memory leak in RPC DG runtime due to the struct rpc_dg_pkt_pool_elt_t. 10. When super user performs 'su' to any other user, group access list from the DCE registry is not created. "id" does not show all the groups. 11. Need option for changing frequency of spawning ep_scavenger 12. An Application using hsearch() dumps core when built archived with libdce.a and libc. 13. logins are denied when ilogin is configured with -l ux -a dce if both dced and rpcd are not running. 14. When secd is started with -no_kdc option it dumps core 15. dce_config fails to configure cds client if nodename exists in two different DNS domains 16. Authentication audit events are not generated. 17. error commands in dcecp lead to core dump in international locales. 18. Swtools are experiencing the hang due to DMS. 19. UDP entries in the endpoint database gets deleted for servers running at well-known endpoints. PHSS_15731: 1. Errors during cell backup using tar lead to CDS and Security servers not being restarted. 2. klist displays year only in two digits even after the year 2000 e.g : 98/08/20:21:32:58 3. The rpc_mgmt_is_server_listening() hangs intermittently while using CN protocol. 4. Ansi C++ and threaded applications running on machines installed with the patch PHSS_12593-94 dumps core. 5. The 'errtext' command core dumps when displaying certain error text. 6. pthread_mutex_trylock dumps core if the mutex is not initialized. 7. Performance of an application calling cma_poll() degrades. The same is seen in cma_msgsnd(), cma_msgrcv() and cma_semop(). 8. write() on a socket does not write completely, if the write buffer(nbyte) is more than the socket/pipe buffer. 9. Zoneinfo files for Australia (NSW & Victoria) are not showing the correct EST & DST. So it will show the wrong time. 10. "dcecp> cdscache discard" command causes cdsadv abort if user is logged in as a normal user with dce_login as cell_admin. 11. An authenticated RPC that comes from a client with the different architecture (eg. little- endian) crashes a DCE daemon using CN protocol. 12. Changing DCE identitfy while using DFS ( by performing dce_login as another principal ), results in DFS error. 13. close() in child after fork in threaded process leads to deadlock. 14. For an anonymous ftp user, dceexec stays for 3 minutes. 15. If a principal is given a pre_auth_req attribute with value 2, during validation, gives an error message "Invalid password". 16. pthread_mutex_unlock dumps core if the mutex is not initialized. 17. When the max_invalid_attempts ERA is set and the registry is disabled, if a user exceeds the max_invalid_attempts number of logins secd aborts. 18. cdsadv intermittently goes into loop and may result in timeouts for CDS requests. 19. KRB5 error numbers are being evaluated as UNIX error numbers (errno). 20. dcecp memory leaks while modifying acls. 21. A program that sends bad packets to the rpcd kills rpcd. 22. dcecp commands core dump on some international locales .ie (LANG!=C). 23. libbb.a gets data linkage table overflow. PHSS_14920: 1. The patches PHSS_12593 or PHSS_10565 do not properly overlay on a previous patch which they supersede. (This patch differs from the patch PHSS_12593 only for minor changes to the SD control scripts. All the binaries in this patch and PHSS_12593 are identical. So when this patch is installed over PHSS_12593 and is subsequently backed out, it will directly restore the state prior to the installation of PHSS_12593) 2. Installation of DCE international patch on a DCE client system without the swinstall option "match_target=true" results in the complete patch filesets (including server bits) getting installed on the system leading to many WARNING messages. 3. After installing DCE domestic patch, an swverify fails for the binaries that are replaced by the domestic patch since the IPD (Install Product DB) for the corresponding international patch has not been updated. 4. ***IMPORTANT PLEASE NOTE -- Oracle 7.3.3 and above will need to be relinked. This patch contains changes to the libcma library. Applications such as Oracle that use this library and are built static will need to be relinked. For information and help for the rebuild please contact your Oracle support personnel. PHSS_12593: 1. passwd_export exports invalid accounts (e.g expired account or invalid password). passwd_export prints "...not enough space", when root entry is absent -X option is added to exclude invalid/expired accounts -l option is added to lock the invalid/expired accounts Passwd is locked for the account, in the exported file with a '*' in the passwd field, with following conditions : a) -l and -X are mutually exclusive b) entries in passwd_override file overrides the -l and -X options (for individual entries). c) In all other cases, apply -l or -X 2. Deadlock or hang of cdsadv threads on utc_gettime() call 3. Account Manager mishandles ERA attrset with more than one uuid - It was not possible to specify an extended registry attribute with multiple UUIDs. Fixed in the HPDCE Account Manager. 4. Thread I/O wrappers leave file descriptors in O_NONBLOCK mode at exit. If the file- discriptor(stdin) is left in non-blocking mode at exit, the shell inherits this and exits. Remote login sessions would get terminated if the shell exits. 5. DFS 1.5.1 (EFS) client cannot access /:/ if EISA 100VG is UP. 6. dceping makes use of stale information after re-configure of dce. After reconfiguring a node as a client to a different DCE cell, dceping continued to check for the old CDS server. Fixed in dce.rm. 7. dced hangs on startup when "starton boot" servers are configured. (dced is deadlocking in it's main thread when it attempts to start servers that are to be started at boottime.) 8. secd dumps with too long name, which results in Denial of Service Attack. This problem occurs when the principal/group/organisation name exceeds 1024 characters. 9. bad manpage for dcecp_cdsalias. The man of 'dcecp_cdsalias' hangs, with no output. Fixed manpage of dcecp_cdsalias. 10. Additional option (-l) provided for uuidgen to select the hardware address of lancard, in case of host with multiple lancards. Currently the uuidgen gets the address of the card with lowest NMID. Enhanced uuidgen. Usage available in the manpage of uuidgen. 11. dcecp cores when modifying acls of dced objects in local mode. When dcecp and dced are in local mode, using the 'acl modify' command on dced objects results in a core dump or hang. Fixed in dcecp. 12. secd is dumping core when client requests authentication but with wrong password in a keytab. This cumulates till the secd reaches the maxdsize about 70-80MBand then cores. A memory leak related code problem with secd. 13. 'select' returns wrong bits settings. cma_select() when timed out returns the bits (fd_mask) passed by the user without changing them. So, in case where it is a timeout we need to clear the bits. 14. dcecp directory list is not doing authentication. If you delete permissions for unauthenticated access from a directory ACL, then it was not possible to list that directory (using dcecp's 'dir list' command) even as an authenticated user. Fixed in dcecp. 15. cdsadv dumps core with segmentation violation if the user's authenticated request is cancelled before servicing the callback of the request. After the request is cancelled, all the data structures it was using will be freed up but the AUTH-callback request will be still hanging around in the conversation queue(convq). Fixed in libdce.1 16. acl_edit attempts to write to the ACL, even if no change is made to the ACL. acl_edit should accept quit as an alias for exit. 17. dce_login -r does not have mechanism to refresh DFS credentials. This will not allow access to DFS once the TGT has expired. If the user's home directory is on DFS, then access to home directory is denied. This may happen after CDE screen lock also. Fixed in libdce.1 18. Locking an uninitialized mutex dumps core.(Threaded FORTRAN 77 applications using CMA threads dumped core.) Solved by checking if the mutex has been initialized by the user or not befor locking. If it has not been initialized return -1 and set errno to EINVAL. 19. cdsd leaves pseudodir entries in clearinghouse when background thread is run.The status flag was not updated properly. 20. Occassionally DCE Application dumps core when compiled with -z option This problem occurs only when the application is compiled with -z option which is used for detecting null references. When the DCE client application receives a local cancel it forwards it to the server and sets a timeout value. If the timeout expires before a response to the cancel reaches the client the client program(call thread ) cleans up the data structures including the call-rep. The call rep will also be referenced by the receiver thread. When the receiver thread references the call-rep which already cleaned-up, it dumps core. Fixed in libdce.1. 21. dceping -C fails. When /tmp/cdsdHostname gets removed, the dceping asks for hostname of cdsd server. One enters the hostname and dceping continues to run fine. Problem is this breaks a cronjob in the process, which does dceping -C and fails 22. IDL compiler was generating incorrect server stub code when parameters' de-referencing was required. This problem was due to a earlier fix(PHSS_10565) in IDL compiler and may not be seen in all the releases. Fixed in IDL compiler. 23. IDL compiler -no_def_idir option does not work as specified in the manpage. Fixed in IDL compiler. 24. Unmarshalling the IDL pipe data type does not cause the exception to be popped of the stack as done during the normal unmarshalling. This results in the application abort(system panic in case of DFS) during the occurence of valid exeception due to mismatch in the TRY/CATCH exception blocks.Fixed in the IDL compiler. 25. When expanding /.:/sec/principal in cdsbrowser there are duplicate self entries for each host principal. There should be one host principal for each machine in the cell (/.:/sec/principal/hosts//self). Every self principal is duplicated in a cell with multiple hosts. There will be the same number of entries for each self principal as the number of hosts in the cell. 26. All occurences of include in DCE source code is changed to include . 27. There is a new function added cma__hp_sched_opt(): int cma__hp_sched_opt(int timer, long timer_interval, int timeslice_quanta, long rt_timer_interval) This function enables the user to set the Timer Signal, Interval, Quanta of his/her choice. This also enables the user to set the real time signal SIGALRM for a desired interval.Timer Q is checked at regular intervals specified by rt_timer_interval. A signal handler is established for SIGALRM if rt_timer_interval is specified. timer : ITIMER_VIRTUAL | ITIMER_PROF timer_interval : Interval for timer-signal corresponding to 'timer'. (in microsecs) timeslice_quanta : Quanta for each thread. rt_timer_interval : The interval for the real-time signal(SIGALRM). (in microsecs) 0 => real-time timer not set. Before calling this function the CMA would have set the defaults as: timer = ITIMER_VIRTUAL; timer_interval = 100ms; timeslice_quanta = 2; rt_timer_interval = 0; There are also 3 new environment variables added: CMA_HP_SCHED_OPT : This provides the same functionality as cma__hp_sched_opt(). Format is: export CMA_HP_SCHED_OPT="timer timer_interval timeslice_quanta rt_timer_interval" eg: export CMA_HP_SCHED_OPT="1 100000 2 0" would set the timer to ITIMER_VIRTUAL, interval to 100ms, quanta to 2 and does not set the real time signal. CMA_HP_CHECK_TIMERS_AT_YIELD: Setting this variable would result in checking the timer Q at yield. This would help to put threads from the timer Q to the ready Q if their time has already expired when we do a yield. CMA_CRASH_ON_FORCED_SWITCH: Setting this variable would result in the application exiting with bug check if the quanta of a thread expired and it was forced to context switch. This can be used for some debugging purposes and it is advised not to set this variable in the normal case. 28. Enable sams to correctly generate a message catalog (via gencat) outside of clearcase (ie. using -oc option). PHSS_10565: 1. The cma_fork() function can cause a deadlock if another thread has the global mutex locked. We now lock the global mutex before locking any of the other internal mutexes. Fixed in libcma.1, libcma.a. 2. The login context could become corrupt due to the incorrect usage of local variable. Now we return the login context rather than assigning it a passed parameter. Fixed in libdce.1. 3. The dtsd daemon core dumps intermittently on shutdown/cleanup (ShutDownRPC) due to a variable, "profileName", being rpc_string_free'd incorrectly. The "rpc_string_free (&profileName, &status)" has been removed from dtss_service_global_set.c and checks for NULL in transport_rpc.c were added. Fixed in dtsd. 4. The ftpd.auth command will die during simultaneous calls to ftp due to execessive memory usage and swapping. The memory usage of the command was optimized. Fixed in libdceauth.sl. 5. Data checking improvements were added to chsh.auth and chfn.auth. Fixed in chsh.auth, chfn.auth. 6. The PHSS_9394-95 cdsadv core dumps dealing with rpc input-only arguments upon rpc retries. Now, input arguments are reconstructed on rpc failures. Fixed in cdsadv. 7. The cdsd daemon crashes when reading an acl that is too large. Generated acls are now checked to ensure that they are within the proper size range. Fixed in cdsd. 8. Data checking improvements were added to passwd.auth. Fixed in passwd.auth. 9. There is excess logging in the error.log when trying to execute rpc_mgmt_inq_server_princ_name to find a global server name, but not having a fully-bound binding (even when there wasn't a global server configured). A routine has been inserted to ensure we have a fully-bound binding before attempting the rpc_mgmt_inq_server_princ_name() routine. Fixed in dtsd. 10.A dce_login into a foreign cell fails if one of the security servers in the foreign cell is down since the local ps_site file does not contain RPC string bindings for foreign cells and a retry does not import bindings from the name space. A fix was added so that the import handle is not closed after the RPC bindings have been imported. Fixed in libdce.1, libdce.a, secd, sec_create_db, sec_salvage_db, klist, kinit, kdestroy, dfsgw, dfsgwd. 11.The passwd_export binary has improved its handling of applying group overrides. Fixed in passwd_export. 12.Improvements have been made to clean up some credential structures. Fixed in libdce.1, dced. 13.The cdsadv binary core dumps on the Security and Directory master server during intercell system testing. The method os allocating idl supplied memory was improved. Fixed in libdce.1. 14.The cdsd daemon was getting a bug error in the security/krb code. Error handling was changed to deal with cursor initialization and allocation. Fixed in libdce.1, cdsd. 15.Improvements were made to the error handling in the dce_db_open_file() function. Fixed in libdce.1. 16.Some invalid login attempts were not recorded when they should have been. Flow control improvements were made so that all cases where preauthentication was attempted, and failed, will be recorded as invalid login attempts. Fixed in libdce.1. 17.Improvements were made to dce_db_fetch_by_uuid so it returned a local copy of IDL-allocated structure and thus improved cdsadv performance. Fixed in libdce.1, libdce.a. 18.The GSS-API has been updated to conform to the latest Kerberos and GSS-API standards, while making other changes to accomodate the non- conformance of oldce DCE amd MIS GSS-API implementations. Fixed in libdce.a, libdce.1, secd, gssapi.h. 19.If clients wait for a long period of time to do an rpc_binding_import(), the call will fail since the clerk thread was deactivated in the meantime. A fix was added to allow the clerk thread to restart and handle the request properly. Fixed in libdce.1. 20.The cdsd daemon does not checkpoint. Fixed in cdsd. 21.Allow the sec_login_krb5_add_cred symbol to be exported in the international version of libdce. Fixed in libdce.1. 22.The rgy_edit command will abort will an "unexpected file type" message due to a problem in the fstat loop. It has been fixed so that if it returns an error it will not check the file type. Fixed in libcma.1, libcma.a. 23.The internal fstat() and rlimit() calls were updated to use the 64 bit interfaces and structures (fstat64 and rlimit64) to support 64bit file access in CMA threads. Fixed in libcma.1, libcma.a. 24.Updated klist to report correct information when dealing with the year 2000 and beyond. Fixed in klist. 25.Fix the memory allocation strategy of the config- file reader function to avoid having tools core dump. Fixed in libdce.1, libdce.a. 26.There were duplicate self entries for each host principal in cdsbrowser. The return value of sec_get_base was corrected to avoid this scenario. Fixed in cdsbrowser. 27.The "registry show -master" command was not binding correctly in all cases. The -master option will now use a different mechanism to obtain the binding information. Fixed in dcecp, libdcecp.sl. 28.Add a field to cma_g_file_obj to save the file type. This way if this is a pipe and the user has not set it to non- blocking mode, then we need to call fstat again to get the amount of space left in the pipe, before attempting the write(). Continue this process until we have written the number of bytes passed to cma_write(). Fixed in libcma.a, libcma.1. 29.Serialisation of connect requests are done only when connections are made to the same server address space. Fixed in libdce.1. 30.Improvements to the error handling were added to dce_error_inq_text() to handle unix error codes. Fixed in libdce.1, libdce.a. 31.The cds clerk spins. A fix was added to change cached handle flush. Fixed in cdsadv. 32.The cdsadv binary was changed so there is no longer a conflict between variable name TIMEOUT_P and macro definitions. Fixed in cdsadv. 33.Improvements to cdsadv to use rpc memory bookkeeping to deal with freeing memory. Fixed in cdsadv. 34.Modifications were made to pwd_strengthd to improve error handling. Fixed in pwd_strengthd. 35.The dced daemon leaks stub allocated memory from the dce_db_fetch_by_uuid() call. The dced daemon and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls. There is ineffective code in both dced and the security runtime to free this memory. Fixed in dced and dcecp. 36.Add a test for variable KRB5CCNAME before starting dtsd. Fixed in /sbin/init.d/dce startup script. 37.A threads wrapper ensures a complete buffer transfer when send() is called in a blocking mode. Fixed in libcma.1, libcma.1. 38.Modified dce.h to add defined(__cplusplus) for _DCE_TOKENCONCAT_. Fixed in dce.h. 39.IDL and header files are now installed in /usr/include/dce. Fixed with dce_attr_base.idl, dce_attr_sch.idl, dce_attr_base.h, dce_attr_sch.h. 40.Use rpc_sm_free() instead of rpc_sm_client_free(). Fixed in libdce.1. 41.The dce_acl_obj_add_*() functions check for illegal entries, the acldb uses rpc_sm_client_free() instead of rpc_sm_free(), dce_acl_obj_add_obj supports for needed types of ACL's, dce_acl_copy_acl() handles foreign_id differently. Fixed in libdce.1. 42.Allow dfs to export logical volume aggregates with the same logical volume number even when in different volume groups. Fixed in dfs_core.ext. 43.Connection oriented RPC 'maybe' calls result in segmentation violation. Need to properly initialize iovlen. Fixed in libdce.1 and libdce.a. 44.Customer cannot use SD to install software on machines containing only FDDI networking. Fixed in libdce.1, libdce.a. 45.Improve calulation of pe_site lines by only using replicas that are not "marked for deletion" in the calculation. Fixed in dced. 46.The credentials refreshed by Integrated Login (screen unlock) are not certified. Fixed in dceexec. 47.The cdsd daemon was modificed to deal with a crash in db_btree_copy_keys(). Fixed in cdsd. 48.The cdsd daemon core dumps on startup with playback error. A fix was added to deal with splitting data buffers properly. Fixed in cdsd. 49.The logic for requesting the number of interfaces from the kernel in the RPC runtime changed to deal with large numbers of network interfaces. Fixed in libdce.1, libdce.a. 50.Changes to the context rundown procedure were implemented to deal with a deadlock. Fixed in libdce.1. PHSS_9394: 1. GDS/XDS interface doesn't handle looking up all the default dsa's properly. It does not look through the entire list of default dsa's when the session is a DEFAULT_SESSION. 2. If multiple instances of a daemon are running, dce_shutdown will shutdown only one of them and report success, even though the others are still running. 3. If garbage is in the masks passed to cma_select, it is copied into the global fd mask and later may cause cma__io_available to abort with "file unexpectedly closed" fd mask. 4. Bad datagram packet crashed any dce daemons except DCED. This problem is noticed only when forwarded datagram packets are processed by DCE daemons. DCED is the process which is reponsible for forwarding datagram packets. When packets are forwarded from other sources, especially when packet is not formated as expected, the servers panic resulting in core dump. 5. secd cores with replicas from rs_log_attr_sch_prop_create mem corruption. 6. Invalid login attempts not recorded when they should be. 7. Sometimes during configuration the sec_client.binding is not found. This occurs mostly on slow systems because the time waited for dced to create the file is not enough. The fix bumps wait time up to 2 minutes. 8. FR12 is destroyed when using CMA threads with +DA2.0. 9. krb5_init_ets is an allowed symbol, but is not exported in libdce. 10.Signal handling problem in ftpd.auth which has already been added to the internet services ftpd. 11.Various credentials data.db file problems associated with cdsadv. 12.Enhance supportability by adding pid/thr addr to lib/clerk protocol. 13.The advertiser sometimes crashes during RPC marshalling. Any clerk which encounters an RPC comm failure during heavy network load with a busy server will receive back incomplete results leading to the crash. 14.Error in handling timeout in CreateLink. 15.Uninitialized variable in the cdsadv. Generally not a problem in current release, but code fixed. 16.Bad output from deb_ascii_ptr_to_buf(). 17.ftpd.auth needs to be synchronized with Unix ftpd. To do this, the -p option needs to be added to ftpd.auth. Also, the wording of an error message needs to be changed. 18.cdsd crashed during system test due to mishandling of DBSet as Set. 19.The ds_read() call fails on objects that represent cds directories. 20.IF/OP Names show up as UNKNOWN in GlancePlus when they should be named. 21.A user reported that their KRB application caused secd to crash with a segementation violation. 22.secd dies with unhandled exception during log replay. If a DCE client attempts to use the IDL encoding services prior to traversing cstub or sstub code, and the ES raises an exception, the exception will not be handled. 23.If the principal that created an account (or the principal that last modified an account) is deleted, then that account is no longer viewable using dcecp although it is viewable with rgy_edit. 24.Need to NULL pepper pointer after freeing. 25.Need to check for NULL sec_passwd_plain passid in rs_acct_replace(). 26.The acl evaluation algorithms not correctly adjusting for access rights when a delegate ( not the initiator ) specified in an epac chain (creds) has no privileges specified in the acl being checked against. 27.Local root is unauthorized when accessing DFS whereas it should use machine credentials. 28.cma_waitid wrapper isn't working properly -- it is returning an incorrect value. 29.If there are no security servers in the cell, eventually both cdsd and dced will spin in the security binding code. 30."kdestroy -e" is sometimes flushing host credentials. 31.When using dce_config to configure a fileset location database server, the dfs_config code in the config_dfsfldb() function also configures a fileset server with no way to only configure a fileset location database server. 32.dced leaking stub allocated memory from the dce_db_fetch_by_uuid() call. dced and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls. 33.DTS Spectracom Provider does not configure. 34.cdsd is dying on trying to show the acl of a principal when logged into a remote cell. 35.When running Integrated Login, if "login" detects a "password change required" condition, the "login" after the password change fails to do a DCE login. 36.Principals with keys that have a zero length pepper cannot validate their DCE identity. 37.cdsadv runs but then begins to leak data blocks identified to be tickets. cdsadv will eventually die by exhausting system resources. 38.An incorrect radix is set. Sams couldn't handle field width specifier properly. 39.You can use dce_rdacl_replace() to set a user_obj or group_obj entry on an ACL, but after that point can never update the ACL again. 40.The dce_rdacl_get_access() API call behaves incorrectly on verifying authorization. 41.The ACL manager for extended registry attribute types may include the policy ACL manager. However, the servicability permission bit ('s') cannot be correctly set on the policy manager ACL list. 42.dced acl code is displaying the wrong error message when a user is not authorized to access an object. It is incorrectly returning sec_acl_invalid_permission, but should return sec_acl_not_authorized. RECOMMENDED_CHANG: Change sec_acl_invalid_permission to sec_acl_not_authorized in appropriate areas. 43.When using CDE with Integrated Login, the second time the screen is unlocked the DCE credentials are destroyed. 44.The credentials refreshed by Integrated Login (screen unlock) are not certified. 45.There is a path in the sec_login code, via which a new credential database file could be created owned by root (the effective uid) instead of the creating principal. 46.A svc error message was incorrectly formatted. 47.Internal code fix for memory management. 48.There is a memory leak in sec_login_pvt and krb_info. 49.When a machine tries to refresh and validate its credentials before they expire (this occurs 10 minutes before expiration) if secd is down the machine purges the credentials and tries to obtain new ones which destroys the credentials 10 minutes before they are scheduled to expire. 50.The DFS-NFS gateway panics when the user's credentials expire. 51.Several memory leaks and other memory fixes for secd. 52.When the master is down and there is another security server available, security clients will leak memory when attempting to bind to the master. 53.Incorrect data typing resulted in an incorrect uid being used. 54.When a principal is deleted from the registry (i.e. orphaned), you can't remove any ACL entries that refer to that principal. Fix is to add -uuid switch to the acl modify command of dcecp to allow UUID's to be used in ACL entry keys. 55.Need to provide hostdata service during dced bootstrap to allow dcecp local hostdata functionality outside a cell with minimal "fake" DCE configuration. 56.dced leaks memory with each sec_login_validate_identity. 57.KRB5CCNAME is set up with a bogus value for passwd_override accounts. Defect Description: PHSS_19739: 1. JAGaa46651 : pwd_config assumes that both TCP & UDP protocols are supported in the environment. Through "rpccp", it always tries to export both TCP and UDP protocols and expects the call to succeed. If only TCP or UDP protocols are used in the environment, then pwd_config fails saying "unsupported protocol". Resolution: Consider the rpccp call as succeeded if it successfully exports either TCP or UDP protocol. 2. JAGaa45926 : The CCM client agent which runs on MS-WindowsNT is built upon MS-RPC. The same problem which made most of the CCM servers dump core was due to the interoperability of the OSF DCE with MS-RPC. There seems to be an optimization done in the MS-RPC which used the server association to make an RPC to a server. Hence, the client association on the HP-DCE side was receiving a REQUEST packet which resulted in the servers dumping core. Resolution: This fix has been provided in the DCE RPC to discard the REQUEST packet on an client association and send an appropriate status code back to the client which made the RPC on a server association. 3. JAGaa47108 : The problem is that the error condition is cached in the association data structure and the subsequent calls on that particular interface on this association return the error condition without sending the alter_context PDU even after the server registers the second interface. Resolution: The change is to send an alter_context PDU on the association if the previous negotiation failed with the rpc_s_unknown_if. 4. JAGaa68656 : MS-RPC server does not send a SHUTDOWN PDU ten seconds after the completion of the RPC. This made the HPDCE client keep the idle connections keep open for 5 minutes after the completion of the RPC. Resolution: An environment variable is provided in the DCE RPC runtime with which the idle association termination time can be tuned to be a lesser value than the architected value of the 5 minutes. With this environment variable, the idle association termination can be tuned to any value in the range of 1 to 300 seconds. The environment variable is HPDCE_CLIENT_DISC_TIME. 5. JAGaa46594: The size of the memory allocated for organi- sation name was not correct. Resolution: Use the correct argument name in malloc for current_org variable. 6. JAGaa93152 : The dce_config script while comparing dates of the two machines doesn't take into account the number of days. Also it assumes that each part of the string resulting from utc subtract command will be in fixed position which is not always true. Hence the script fails with expr: Syntax error Resolution: make proper use of cut in checktime() function. 7. JAGaa94793 : If in a C++ program, dce/cma_ux.h gets included twice this error is visible. The problem is because of the mismatch of #ifdef/#endif for __cplusplus and CMA_UX. Resolution: Move the #endif corresponding to CMA_UX to the end of the file. 8. JAGaa60133 : The hang was caused due to multiple DMS threads starting because of the fork in the ENM process. This does not happen frequently but does happen in a race condition. Resolution: The procedure which creates the observer thread was checking earlier only one condition whether the observer thread is running or not. Now we check for one more additional condition whether the observer thread was stopped because of fork in the dms process and if so we will not create the observer thread. 9. JAGaa35843 : Postinstall control script of HP-DCE 1.5 release did not have the code to put softlink to these files and directories from /usr/lib directory. Resolution: Postinstall control script of this product contains code to put softlinks for these files and directory from /usr/lib directory. 10. JAGaa93171 : RPC queries the network interfaces for IP address and network mask, using ioctl calls.The buffer allocated for the above operation when the host had more than 9 network interfaces,was not freed after successful queries. Resolution: Freed the buffer memory allocated for ioctl calls correctly in rpc runtime. 11. JAGab11206 : This is due to the way in which CDS client is designed to access the clearinghouses. When a preferred clearinghouse is specified, then the clerk instead of doing a Walk-Tree for the clearinghouses just looks for that particular clearinghouse to resolve a name. If that clearinghouse is down/not found,it breaks out of the loop and gives an Error without actually doing the Walk-Tree. Resolution: The cds clerk is now made to do a normal Walk-Tree once it fails to resolve a name from the preferred clearinghouse. 12. JAGaa60130 : Group lists are getting corrupted when using su(1) on a libc patch(PHCO_15465) installed m/c. Resolution: Removed the syslog() statement to avoid the corruption of group assignments. 13. JAGab16279 : When authenticated RPC calls are made from a client running on host with different NDR representation (Ex. NT client) to a server running on HP-UX it results in memory problems.This is observed in cases when the principal is member of 10 or more number of groups. Such a principal results in big PAC size, and so RPC sends fragmented packet to server (i.e.when RPC packet size exceeds 1432 bytes). The RPC runtime at server allocated a buffer to receive and append these fragment to get the complete packet .After the server processes the packet, the runtime did not free the memory of the buffer. Resolution: Freed the memory allocated for buffer used to receive the fragmented RPC packet after processing the packet successfully. 14. JAGab16672,JAGab69558,JAGab69562 : After Installing PHSS_16429 or PHSS_17596, swlist -l file | pg and then exit pg by ctrl c or q will hog the cpu. The problem is with cma_write(), which is not able to detect broken pipes. Resolution: Change cma_write() to detect broken pipes. 15. JAGaa62517 : Only the owner of the credential file had the permission to read it. This prevented even the root user to read the credential file. Resolution: The root user is also permitted to access the credential file. PHSS_17596: 1. JAGaa92762: Calling poll() in threaded applications results in hogging of CPU, under following conditions: - pthread.h is included by the application - cma_init() is not called - The application is not multithreaded yet (i.e. there are no threads created) Resolution: The polling interval is now initialized before the application goes multithreaded. PHSS_16429: 1. The algorithm for generating the keys was incorrect. Resolution: The algorithm for generating the keys has been changed to correct this. 2. disable_interval in ERA is wrongly set in seconds. Resolution: The input from the user for the variable disable_interval_time was multiplied by 60 to interpret the input as in minutes. Before the change was made this input was used directly, thus misinterpreting the input value in seconds. 3. Applications linked with libdcecp.sl library fail to execute CDS commands. Resolution: Change link libraries in the makefile for dcecp 4. When there are lots of unique clients to a server, the server connection table elements keep growing and finally dced dumps core. Resolution: Reduce the server connection table elements to be uncached sooner than the default value. An environment variable SCTE_UNCACHE_TIME is provided for tuning this parameter eg., export SCTE_UNCACHE_TIME=60. The value should be set between 45 and 600. 5. On a japanese locale, typing an error command results in "internal disaster" error within dcecp. Resolution: Include code for wide-character initialization required for intl locales. 6. sec_key_mgmt_manage_key() of libdce and dced forces login for each 10 minutes to check the password expiration. Resolution: Import an environment variable (KEY_MGMT_WAKEUP_INTERVAL). Depending on the variable, set the wakeup time and force the login. 7. Unnecessary "mismatched seal" printf statement. Resolution: Removed the "mismatched seal" printf statement. 8. Since the CHLastAddress contains the old IP address, the DCE configuration Manager (DCM) Failed to startup. Resolution: Update the CHLastAddress when IP address is removed. 9. The packets used by the private local socket of the server in DG runtime, for transmission of the data were not being freed which causes the process size increase and finally dump core. The problem shows up only when the server and the clients are on the same machine. Resolution: Free the packet of the private local socket which was being added to the global packet pool. 10. When super user executes 'su', group access list is not created because the normal authentication sequence is different in case of super user. Resolution: Get the group access list from DCE registry. 11. Enhancement request to provide option for dced/rpcd to tune ep_scavenger frequency Resolution: Provide new option -t with dced/rpcd. dced/rpcd uses this value to run ep_scavenger with the specified interval. 12. The libdce.a has got an object module for hsearch() function having the same prototype as the hsearch() in libc. So when an application using hsearch() is built with libdce.a in the library list, it first gets linked to hsearch() of libdce.a (which is having a different behavior compared to libc version) and thus dumps core. Resolution: The hsearch() routine was used for an example called phone_db and it was provided in libdce for that purpose only. This example is not shipped for the new releases and hence hsearch() is removed from libdce. 13. This is caused by a lower value of telnet time-out than rpc time-out. Resolution: DCE Integrated Login code has been modified with a timer installed that times out before the telnet times out. 14. When secd is started with no_kdc option it is unable to initialize the kerberos database. and hence dumps core. Resolution: The option secd -no_kdc is removed as it was used in older version. 15. Since dce_config removes the domain part of the server name, it is causing problem if there exists another node with the same name in the client domain. Resolution: Get the ip address of the node name in a variable before the domain name is removed from that , and use that variable which contains the IP address. 16. This feature was not implemented. Resolution: Add authentication audit points to security server. 17. in-core tables contain error messages in incompatible format. Resolution: Modify code appropriately in order to handle messages in older format. 18. The DMS thread is creating problems in swtools causing the process to hang. The DMS was "on" by default in any DCE process running with the root privilege. It could be made "off" by exporting the environment variable DMS_FORCEOFF. Now the change has been made so that DMS is "off" by default and will be "on", only when the environment variable DMS_FORCEON is exported. So now, if the performance monitoring has to be done on the DCE processes running with root privileges, DMS_FORCEON=1 has to be exported prior to running the DCE process. Resolution: If the DMS is required for DCE measurement export DMS_FORCEON=1 prior to running the DCE process. 19. This problem occurs when servers running on well- known endpoint does a server ping using a fully bound binding handle before listening. A dced thread wakes up and receives the ping failure error. This results in dced deleting the endpoint without verifying if the server has begun listening. Resolution: dced now does a ping to the server entry before it deletes endpoints from the database. PHSS_15731: 1. Insufficient error checking in the cell backup script. 2. Display of year in two digit format. 3. The rpc_mgmt_is_server_listening() hangs intermittently while using CN protocol because of timing problem. The hang occurs on the client side due to the time gap between client making a call and the server stopping the call threads. The recommended change is to defer the stop until the cthread is done handling its assigned calls and any queued calls. 4. In PHSS_12593-94 libcma we call atexit() before main(). The AnsiC++ library (libCsup) has its own version of atexit() and it does not work as atexit() of libc when called before main(). 5. For certain error codes, formating of error messages didn't account for the right number of parameters. 6. The pointer field of the mutex points to null if the mutex is not initialized. When this is dereferenced the application dumps core. 7. In cma_poll(), cma_msgsnd(), cma_msgrcv() & cma_semop() we poll for data at an interval of 200 millisec which is a long interval for some applications. ***NOTE***: A new environment variable called CMA_HP_POLLWAIT is added. We first wait for 10 millisec. Subsequently we poll at an interval of CMA_HP_POLLWAIT, if the user has set this environment variable.If the user has not exported this Environment variable, we poll at an interval of timer interval(default 100ms). CMA_HP_POLLWAIT is to be exported in microsecs. eg: export CMA_HP_POLLWAIT=50000 impiles CMA_HP_POLLWAIT is 50 millisecs. 8. cma_write does not have the retry logic within itself. 9. Zoneinfo files are not updated with the new EST & DST. 10. A normal user trying to run "dcecp>cdscache discard" with dce_login as cell_admin instead of root. (you need to login as root to execute this dcecp command ) 11. The client was using an authentication service protocol which is not supported by the server and that caused the server to crash. This happens only with the server that uses CN protocol. When such data is recevied, an error message gets logged in /opt/dcelocal/var/svc/error.log 12. Side effect of CHFts23794 fix. 13. Lock and Unlock of the mutex (cma__g_close_select_mutex) is not done before and after fork respectively. So when a thread calls close/select and before this thread comes out of it some other thread calls fork which results in deadlock. 14. In case of an anonymous ftp, dceexec never receives DCEEXEC_EXIT message. 15. The preauth_subtype has no bearing on whether or not the user key needed to be transformed to DES format. 16. The pointer field of the mutex points to null if the mutex is not initialized. When this is dereferenced the application dumps core. 17. secd was trying to write to syslog when the registry was inaccesible because it was in the maintenance mode. This was causing it to abort. 18. Error was due to corruption in credential file, which was not taken care of. 19. While trying to log messages to the syslog, the kerberos error codes were wrongly interpreted as UNIX error codes 20. libdcecp and libdce acl modify code did not free memory allocated for the purpose of ACL modification. 21. The RPC runtime expects the authentication trailer to be four byte aligned and the bad data which is sent by the program does not follow this spec, so kills rpcd. A message will be logged in the error log file /opt/dcelocal/var/svc/error.log when such a data is received. 22. The japanese catalog files were out-of-date with the new/enhanced sams compiler which went with the previous patch. 23. The library not compiled with the proper option (+Z). PHSS_14920: 1. The patches PHSS_12593 or PHSS_10565 do not properly overlay on a previous patch which they supersede. (This patch differs from the patch PHSS_12593 only for minor changes to the SD control scripts. All the binaries in this patch and PHSS_12593 are identical. So when this patch is installed over PHSS_12593 and is subsequently backed out, it will directly restore the state prior to the installation of PHSS_12593) 2. Installation of DCE international patch on a DCE client system without the swinstall option "match_target=true" results in the complete patch filesets (including server bits) getting installed on the system leading to many WARNING messages. 3. After installing DCE domestic patch, an swverify fails for the binaries that are replaced by the domestic patch since the IPD (Install Product DB) for the corresponding international patch has not been updated. 4. ***IMPORTANT PLEASE NOTE -- Oracle 7.3.3 and above will need to be relinked. This patch contains changes to the libcma library. Applications such as Oracle that use this library and are built static will need to be relinked. For information and help for the rebuild please contact your Oracle support personnel. PHSS_12593: 1. passwd_export exports invalid accounts (e.g expired account or invalid password). passwd_export prints "...not enough space", when root entry is absent -X option is added to exclude invalid/expired accounts -l option is added to lock the invalid/expired accounts Passwd is locked for the account, in the exported file with a '*' in the passwd field, with following conditions : a) -l and -X are mutually exclusive b) entries in passwd_override file overrides the -l and -X options (for individual entries). c) In all other cases, apply -l or -X 2. Deadlock or hang of cdsadv threads on utc_gettime() call 3. Account Manager mishandles ERA attrset with more than one uuid - It was not possible to specify an extended registry attribute with multiple UUIDs. Fixed in the HPDCE Account Manager. 4. Thread I/O wrappers leave file descriptors in O_NONBLOCK mode at exit. If the file- discriptor(stdin) is left in non-blocking mode at exit, the shell inherits this and exits. Remote login sessions would get terminated if the shell exits. 5. DFS 1.5.1 (EFS) client cannot access /:/ if EISA 100VG is UP. 6. dceping makes use of stale information after re-configure of dce. After reconfiguring a node as a client to a different DCE cell, dceping continued to check for the old CDS server. Fixed in dce.rm. 7. dced hangs on startup when "starton boot" servers are configured. (dced is deadlocking in it's main thread when it attempts to start servers that are to be started at boottime.) 8. secd dumps with too long name, which results in Denial of Service Attack. This problem occurs when the principal/group/organisation name exceeds 1024 characters. 9. bad manpage for dcecp_cdsalias. The man of 'dcecp_cdsalias' hangs, with no output. Fixed manpage of dcecp_cdsalias. 10. Additional option (-l) provided for uuidgen to select the hardware address of lancard, in case of host with multiple lancards. Currently the uuidgen gets the address of the card with lowest NMID. Enhanced uuidgen. Usage available in the manpage of uuidgen. 11. dcecp cores when modifying acls of dced objects in local mode. When dcecp and dced are in local mode, using the 'acl modify' command on dced objects results in a core dump or hang. Fixed in dcecp. 12. secd is dumping core when client requests authentication but with wrong password in a keytab. This cumulates till the secd reaches the maxdsize about 70-80MBand then cores. A memory leak related code problem with secd. 13. 'select' returns wrong bits settings. cma_select() when timed out returns the bits (fd_mask) passed by the user without changing them. So, in case where it is a timeout we need to clear the bits. 14. dcecp directory list is not doing authentication. If you delete permissions for unauthenticated access from a directory ACL, then it was not possible to list that directory (using dcecp's 'dir list' command) even as an authenticated user. Fixed in dcecp. 15. cdsadv dumps core with segmentation violation if the user's authenticated request is cancelled before servicing the callback of the request. After the request is cancelled, all the data structures it was using will be freed up but the AUTH-callback request will be still hanging around in the conversation queue(convq). Fixed in libdce.1 16. acl_edit attempts to write to the ACL, even if no change is made to the ACL. acl_edit should accept quit as an alias for exit. 17. dce_login -r does not have mechanism to refresh DFS credentials. This will not allow access to DFS once the TGT has expired. If the user's home directory is on DFS, then access to home directory is denied. This may happen after CDE screen lock also. Fixed in libdce.1 18. Locking an uninitialized mutex dumps core.(Threaded FORTRAN 77 applications using CMA threads dumped core.) Solved by checking if the mutex has been initialized by the user or not befor locking. If it has not been initialized return -1 and set errno to EINVAL. 19. cdsd leaves pseudodir entries in clearinghouse when background thread is run.The status flag was not updated properly. 20. Occassionally DCE Application dumps core when compiled with -z option This problem occurs only when the application is compiled with -z option which is used for detecting null references. When the DCE client application receives a local cancel it forwards it to the server and sets a timeout value. If the timeout expires before a response to the cancel reaches the client the client program(call thread ) cleans up the data structures including the call-rep. The call rep will also be referenced by the receiver thread. When the receiver thread references the call-rep which already cleaned-up, it dumps core. Fixed in libdce.1. 21. dceping -C fails. When /tmp/cdsdHostname gets removed, the dceping asks for hostname of cdsd server. One enters the hostname and dceping continues to run fine. Problem is this breaks a cronjob in the process, which does dceping -C and fails 22. IDL compiler was generating incorrect server stub code when parameters' de-referencing was required. This problem was due to a earlier fix(PHSS_10565) in IDL compiler and may not be seen in all the releases. Fixed in IDL compiler. 23. IDL compiler -no_def_idir option does not work as specified in the manpage. Fixed in IDL compiler. 24. Unmarshalling the IDL pipe data type does not cause the exception to be popped of the stack as done during the normal unmarshalling. This results in the application abort(system panic in case of DFS) during the occurence of valid exeception due to mismatch in the TRY/CATCH exception blocks.Fixed in the IDL compiler. 25. When expanding /.:/sec/principal in cdsbrowser there are duplicate self entries for each host principal. There should be one host principal for each machine in the cell (/.:/sec/principal/hosts//self). Every self principal is duplicated in a cell with multiple hosts. There will be the same number of entries for each self principal as the number of hosts in the cell. 26. All occurences of include in DCE source code is changed to include . 27. There is a new function added cma__hp_sched_opt(): int cma__hp_sched_opt(int timer, long timer_interval, int timeslice_quanta, long rt_timer_interval) This function enables the user to set the Timer Signal, Interval, Quanta of his/her choice. This also enables the user to set the real time signal SIGALRM for a desired interval.Timer Q is checked at regular intervals specified by rt_timer_interval. A signal handler is established for SIGALRM if rt_timer_interval is specified. timer : ITIMER_VIRTUAL | ITIMER_PROF timer_interval : Interval for timer-signal corresponding to 'timer'. (in microsecs) timeslice_quanta : Quanta for each thread. rt_timer_interval : The interval for the real-time signal(SIGALRM). (in microsecs) 0 => real-time timer not set. Before calling this function the CMA would have set the defaults as: timer = ITIMER_VIRTUAL; timer_interval = 100ms; timeslice_quanta = 2; rt_timer_interval = 0; There are also 3 new environment variables added: CMA_HP_SCHED_OPT : This provides the same functionality as cma__hp_sched_opt(). Format is: export CMA_HP_SCHED_OPT="timer timer_interval timeslice_quanta rt_timer_interval" eg: export CMA_HP_SCHED_OPT="1 100000 2 0" would set the timer to ITIMER_VIRTUAL, interval to 100ms, quanta to 2 and does not set the real time signal. CMA_HP_CHECK_TIMERS_AT_YIELD: Setting this variable would result in checking the timer Q at yield. This would help to put threads from the timer Q to the ready Q if their time has already expired when we do a yield. CMA_CRASH_ON_FORCED_SWITCH: Setting this variable would result in the application exiting with bug check if the quanta of a thread expired and it was forced to context switch. This can be used for some debugging purposes and it is advised not to set this variable in the normal case. 28. Enable sams to correctly generate a message catalog (via gencat) outside of clearcase (ie. using -oc option). PHSS_10565: 1. The cma_fork() function can cause a deadlock if another thread has the global mutex locked. We now lock the global mutex before locking any of the other internal mutexes. Fixed in libcma.1, libcma.a. 2. The login context could become corrupt due to the incorrect usage of local variable. Now we return the login context rather than assigning it a passed parameter. Fixed in libdce.1. 3. The dtsd daemon core dumps intermittently on shutdown/cleanup (ShutDownRPC) due to a variable, "profileName", being rpc_string_free'd incorrectly. The "rpc_string_free (&profileName, &status)" has been removed from dtss_service_global_set.c and checks for NULL in transport_rpc.c were added. Fixed in dtsd. 4. The ftpd.auth command will die during simultaneous calls to ftp due to execessive memory usage and swapping. The memory usage of the command was optimized. Fixed in libdceauth.sl. 5. Data checking improvements were added to chsh.auth and chfn.auth. Fixed in chsh.auth, chfn.auth. 6. The PHSS_9394-95 cdsadv core dumps dealing with rpc input-only arguments upon rpc retries. Now, input arguments are reconstructed on rpc failures. Fixed in cdsadv. 7. The cdsd daemon crashes when reading an acl that is too large. Generated acls are now checked to ensure that they are within the proper size range. Fixed in cdsd. 8. Data checking improvements were added to passwd.auth. Fixed in passwd.auth. 9. There is excess logging in the error.log when trying to execute rpc_mgmt_inq_server_princ_name to find a global server name, but not having a fully-bound binding (even when there wasn't a global server configured). A routine has been inserted to ensure we have a fully-bound binding before attempting the rpc_mgmt_inq_server_princ_name() routine. Fixed in dtsd. 10.A dce_login into a foreign cell fails if one of the security servers in the foreign cell is down since the local ps_site file does not contain RPC string bindings for foreign cells and a retry does not import bindings from the name space. A fix was added so that the import handle is not closed after the RPC bindings have been imported. Fixed in libdce.1, libdce.a, secd, sec_create_db, sec_salvage_db, klist, kinit, kdestroy, dfsgw, dfsgwd. 11.The passwd_export binary has improved its handling of applying group overrides. Fixed in passwd_export. 12.Improvements have been made to clean up some credential structures. Fixed in libdce.1, dced. 13.The cdsadv binary core dumps on the Security and Directory master server during intercell system testing. The method os allocating idl supplied memory was improved. Fixed in libdce.1. 14.The cdsd daemon was getting a bug error in the security/krb code. Error handling was changed to deal with cursor initialization and allocation. Fixed in libdce.1, cdsd. 15.Improvements were made to the error handling in the dce_db_open_file() function. Fixed in libdce.1. 16.Some invalid login attempts were not recorded when they should have been. Flow control improvements were made so that all cases where preauthentication was attempted, and failed, will be recorded as invalid login attempts. Fixed in libdce.1. 17.Improvements were made to dce_db_fetch_by_uuid so it returned a local copy of IDL-allocated structure and thus improved cdsadv performance. Fixed in libdce.1, libdce.a. 18.The GSS-API has been updated to conform to the latest Kerberos and GSS-API standards, while making other changes to accomodate the non- conformance of oldce DCE amd MIS GSS-API implementations. Fixed in libdce.a, libdce.1, secd, gssapi.h. 19.If clients wait for a long period of time to do an rpc_binding_import(), the call will fail since the clerk thread was deactivated in the meantime. A fix was added to allow the clerk thread to restart and handle the request properly. Fixed in libdce.1. 20.The cdsd daemon does not checkpoint. Fixed in cdsd. 21.Allow the sec_login_krb5_add_cred symbol to be exported in the international version of libdce. Fixed in libdce.1. 22.The rgy_edit command will abort will an "unexpected file type" message due to a problem in the fstat loop. It has been fixed so that if it returns an error it will not check the file type. Fixed in libcma.1, libcma.a. 23.The internal fstat() and rlimit() calls were updated to use the 64 bit interfaces and structures (fstat64 and rlimit64) to support 64bit file access in CMA threads. Fixed in libcma.1, libcma.a. 24.Updated klist to report correct information when dealing with the year 2000 and beyond. Fixed in klist. 25.Fix the memory allocation strategy of the config- file reader function to avoid having tools core dump. Fixed in libdce.1, libdce.a. 26.There were duplicate self entries for each host principal in cdsbrowser. The return value of sec_get_base was corrected to avoid this scenario. Fixed in cdsbrowser. 27.The "registry show -master" command was not binding correctly in all cases. The -master option will now use a different mechanism to obtain the binding information. Fixed in dcecp, libdcecp.sl. 28.Add a field to cma_g_file_obj to save the file type. This way if this is a pipe and the user has not set it to non- blocking mode, then we need to call fstat again to get the amount of space left in the pipe, before attempting the write(). Continue this process until we have written the number of bytes passed to cma_write(). Fixed in libcma.a, libcma.1. 29.Serialisation of connect requests are done only when connections are made to the same server address space. Fixed in libdce.1. 30.Improvements to the error handling were added to dce_error_inq_text() to handle unix error codes. Fixed in libdce.1, libdce.a. 31.The cds clerk spins. A fix was added to change cached handle flush. Fixed in cdsadv. 32.The cdsadv binary was changed so there is no longer a conflict between variable name TIMEOUT_P and macro definitions. Fixed in cdsadv. 33.Improvements to cdsadv to use rpc memory bookkeeping to deal with freeing memory. Fixed in cdsadv. 34.Modifications were made to pwd_strengthd to improve error handling. Fixed in pwd_strengthd. 35.The dced daemon leaks stub allocated memory from the dce_db_fetch_by_uuid() call. The dced daemon and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls. There is ineffective code in both dced and the security runtime to free this memory. Fixed in dced and dcecp. 36.Add a test for variable KRB5CCNAME before starting dtsd. Fixed in /sbin/init.d/dce startup script. 37.A threads wrapper ensures a complete buffer transfer when send() is called in a blocking mode. Fixed in libcma.1, libcma.1. 38.Modified dce.h to add defined(__cplusplus) for _DCE_TOKENCONCAT_. Fixed in dce.h. 39.IDL and header files are now installed in /usr/include/dce. Fixed with dce_attr_base.idl, dce_attr_sch.idl, dce_attr_base.h, dce_attr_sch.h. 40.Use rpc_sm_free() instead of rpc_sm_client_free(). Fixed in libdce.1. 41.The dce_acl_obj_add_*() functions check for illegal entries, the acldb uses rpc_sm_client_free() instead of rpc_sm_free(), dce_acl_obj_add_obj supports for needed types of ACL's, dce_acl_copy_acl() handles foreign_id differently. Fixed in libdce.1. 42.Allow dfs to export logical volume aggregates with the same logical volume number even when in different volume groups. Fixed in dfs_core.ext. 43.Connection oriented RPC 'maybe' calls result in segmentation violation. Need to properly initialize iovlen. Fixed in libdce.1 and libdce.a. 44.Customer cannot use SD to install software on machines containing only FDDI networking. Fixed in libdce.1, libdce.a. 45.Improve calulation of pe_site lines by only using replicas that are not "marked for deletion" in the calculation. Fixed in dced. 46.The credentials refreshed by Integrated Login (screen unlock) are not certified. Fixed in dceexec. 47.The cdsd daemon was modificed to deal with a crash in db_btree_copy_keys(). Fixed in cdsd. 48.The cdsd daemon core dumps on startup with playback error. A fix was added to deal with splitting data buffers properly. Fixed in cdsd. 49.The logic for requesting the number of interfaces from the kernel in the RPC runtime changed to deal with large numbers of network interfaces. Fixed in libdce.1, libdce.a. 50.Changes to the context rundown procedure were implemented to deal with a deadlock. Fixed in libdce.1. PHSS_9394: 1. GDS/XDS interface doesn't handle looking up all the default dsa's properly. It does not look through the entire list of default dsa's when the session is a DEFAULT_SESSION. 2. If multiple instances of a daemon are running, dce_shutdown will shutdown only one of them and report success, even though the others are still running. 3. If garbage is in the masks passed to cma_select, it is copied into the global fd mask and later may cause cma__io_available to abort with "file unexpectedly closed" fd mask. 4. Bad datagram packet crashed any dce daemons except DCED. This problem is noticed only when forwarded datagram packets are processed by DCE daemons. DCED is the process which is reponsible for forwarding datagram packets. When packets are forwarded from other sources, especially when packet is not formated as expected, the servers panic resulting in core dump. 5. secd cores with replicas from rs_log_attr_sch_prop_create mem corruption. 6. Invalid login attempts not recorded when they should be. 7. Sometimes during configuration the sec_client.binding is not found. This occurs mostly on slow systems because the time waited for dced to create the file is not enough. The fix bumps wait time up to 2 minutes. 8. FR12 is destroyed when using CMA threads with +DA2.0. 9. krb5_init_ets is an allowed symbol, but is not exported in libdce. 10.Signal handling problem in ftpd.auth which has already been added to the internet services ftpd. 11.Various credentials data.db file problems associated with cdsadv. 12.Enhance supportability by adding pid/thr addr to lib/clerk protocol. 13.The advertiser sometimes crashes during RPC marshalling. Any clerk which encounters an RPC comm failure during heavy network load with a busy server will receive back incomplete results leading to the crash. 14.Error in handling timeout in CreateLink. 15.Uninitialized variable in the cdsadv. Generally not a problem in current release, but code fixed. 16.Bad output from deb_ascii_ptr_to_buf(). 17.ftpd.auth needs to be synchronized with Unix ftpd. To do this, the -p option needs to be added to ftpd.auth. Also, the wording of an error message needs to be changed. 18.cdsd crashed during system test due to mishandling of DBSet as Set. 19.The ds_read() call fails on objects that represent cds directories. 20.IF/OP Names show up as UNKNOWN in GlancePlus when they should be named. 21.A user reported that their KRB application caused secd to crash with a segementation violation. 22.secd dies with unhandled exception during log replay. If a DCE client attempts to use the IDL encoding services prior to traversing cstub or sstub code, and the ES raises an exception, the exception will not be handled. 23.If the principal that created an account (or the principal that last modified an account) is deleted, then that account is no longer viewable using dcecp although it is viewable with rgy_edit. 24.Need to NULL pepper pointer after freeing. 25.Need to check for NULL sec_passwd_plain passid in rs_acct_replace(). 26.The acl evaluation algorithms not correctly adjusting for access rights when a delegate ( not the initiator ) specified in an epac chain (creds) has no privileges specified in the acl being checked against. 27.Local root is unauthorized when accessing DFS whereas it should use machine credentials. 28.cma_waitid wrapper isn't working properly -- it is returning an incorrect value. 29.If there are no security servers in the cell, eventually both cdsd and dced will spin in the security binding code. 30."kdestroy -e" is sometimes flushing host credentials. 31.When using dce_config to configure a fileset location database server, the dfs_config code in the config_dfsfldb() function also configures a fileset server with no way to only configure a fileset location database server. 32.dced leaking stub allocated memory from the dce_db_fetch_by_uuid() call. dced and the security runtime are leaking memory around _all_ dce_db_fetch_by_uuid() calls. 33.DTS Spectracom Provider does not configure. 34.cdsd is dying on trying to show the acl of a principal when logged into a remote cell. 35.When running Integrated Login, if "login" detects a "password change required" condition, the "login" after the password change fails to do a DCE login. 36.Principals with keys that have a zero length pepper cannot validate their DCE identity. 37.cdsadv runs but then begins to leak data blocks identified to be tickets. cdsadv will eventually die by exhausting system resources. 38.An incorrect radix is set. Sams couldn't handle field width specifier properly. 39.You can use dce_rdacl_replace() to set a user_obj or group_obj entry on an ACL, but after that point can never update the ACL again. 40.The dce_rdacl_get_access() API call behaves incorrectly on verifying authorization. 41.The ACL manager for extended registry attribute types may include the policy ACL manager. However, the servicability permission bit ('s') cannot be correctly set on the policy manager ACL list. 42.dced acl code is displaying the wrong error message when a user is not authorized to access an object. It is incorrectly returning sec_acl_invalid_permission, but should return sec_acl_not_authorized. RECOMMENDED_CHANG: Change sec_acl_invalid_permission to sec_acl_not_authorized in appropriate areas. 43.When using CDE with Integrated Login, the second time the screen is unlocked the DCE credentials are destroyed. 44.The credentials refreshed by Integrated Login (screen unlock) are not certified. 45.There is a path in the sec_login code, via which a new credential database file could be created owned by root (the effective uid) instead of the creating principal. 46.A svc error message was incorrectly formatted. 47.Internal code fix for memory management. 48.There is a memory leak in sec_login_pvt and krb_info. 49.When a machine tries to refresh and validate its credentials before they expire (this occurs 10 minutes before expiration) if secd is down the machine purges the credentials and tries to obtain new ones which destroys the credentials 10 minutes before they are scheduled to expire. 50.The DFS-NFS gateway panics when the user's credentials expire. 51.Several memory leaks and other memory fixes for secd. 52.When the master is down and there is another security server available, security clients will leak memory when attempting to bind to the master. 53.Incorrect data typing resulted in an incorrect uid being used. 54.When a principal is deleted from the registry (i.e. orphaned), you can't remove any ACL entries that refer to that principal. Fix is to add -uuid switch to the acl modify command of dcecp to allow UUID's to be used in ACL entry keys. 55.Need to provide hostdata service during dced bootstrap to allow dcecp local hostdata functionality outside a cell with minimal "fake" DCE configuration. 56.dced leaks memory with each sec_login_validate_identity. 57.KRB5CCNAME is set up with a bogus value for passwd_override accounts. SR: 1653169441 5003318519 5003384826 1653241273 4701391052 5003386474 1653270603 5003424192 5003308429 5003393207 4701405969 5003393413 5003392209 5003355339 1653270595 5003430314 4701412692 1653293902 4701425389 Patch Files: /opt/dce/bin/dceexec /usr/lib/libdceauth.1 /usr/lib/security/libpam_dce.1 /usr/bin/login.auth /usr/bin/su.auth /usr/bin/passwd.auth /usr/bin/chsh.auth /usr/bin/chfn.auth /usr/lbin/ftpd.auth /usr/lib/libauth.1 /usr/lib/nls/msg/C/passwd.au.cat /opt/dce/lib/libbb.a /opt/dce/bin/gdscp /opt/dce/bin/idl /opt/dce/include/dce/dce.h /opt/dce/include/dce/dcelibmsg.h /opt/dce/include/dce/dce_attr_base.h /opt/dce/include/dce/dce_attr_base.idl /opt/dce/include/dce/dce_attr_sch.h /opt/dce/include/dce/dce_attr_sch.idl /opt/dce/include/dce/gssapi.h /opt/dce/include/dce/dce_utils.h /opt/dce/include/dce/cma_ux.h /opt/dce/lib/libcma.a /opt/dce/lib/libdce.a /opt/dce/bin/dfsgw /opt/dce/sbin/dfsgwd /usr/lib/nls/msg/ja_JP.SJIS/dfsdsb.cat /usr/lib/nls/msg/ja_JP.eucJP/dfsdsb.cat /opt/dce/ext/dfs_client.ext /opt/dce/sbin/dfsbind /opt/dce/bin/dfs_config /opt/dce/ext/dfs_core.ext /opt/dce/ext/dce_krpc.ext /opt/dce/sbin/pwd_strengthd /opt/dce/bin/sec_create_db /opt/dce/bin/sec_salvage_db /opt/dce/sbin/secd /opt/dce/sbin/cdsd /opt/dce/bin/cdsbrowser /opt/dce/bin/dceping /opt/dce/bin/dceval /opt/dce/bin/acctmgr /usr/lib/nls/msg/ja_JP.SJIS/dcelib.cat /usr/lib/nls/msg/ja_JP.SJIS/dcesad.cat /usr/lib/nls/msg/ja_JP.SJIS/dcetcl.cat /usr/lib/nls/msg/ja_JP.eucJP/dcelib.cat /usr/lib/nls/msg/ja_JP.eucJP/dcesad.cat /usr/lib/nls/msg/ja_JP.eucJP/dcetcl.cat /usr/share/man/man1m.Z/dcecp_cdsalias.1m /usr/share/man/man1m.Z/dced.1m /usr/share/man/man1.Z/uuidgen.1 /usr/lib/nls/msg/C/dcedcp.cat /usr/lib/nls/msg/C/dcelib.cat /usr/lib/nls/msg/C/dcesad.cat /usr/lib/nls/msg/C/dcetcl.cat /usr/lib/libcma.1 /usr/lib/libdce.1 /opt/dce/sbin/dtsd /opt/dce/lib/zoneinfo/Australia/NSW /opt/dce/lib/zoneinfo/Australia/Victoria /sbin/init.d/dce /opt/dce/sbin/auditd /opt/dce/sbin/cdsadv /opt/dce/bin/dcecp /opt/dce/sbin/dced /opt/dce/bin/kdestroy /opt/dce/bin/kinit /opt/dce/bin/klist /opt/dce/bin/passwd_export /opt/dce/bin/acl_edit /opt/dce/bin/uuidgen /opt/dce/bin/sams /opt/dce/examples/config/config.env /opt/dce/newconfig/etc/opt/dce/dce_com_utils /opt/dce/bin/dce.rm /opt/dce/bin/dce_config /opt/dce/bin/pwd_config /usr/lib/libdcedpvt.1 /usr/lib/libdcecp.1 /opt/dce/dcecp/bckp_cds.dcp /opt/dce/dcecp/bckp_sec.dcp /opt/dce/dcecp/cell.dcp /opt/dce/dcecp/dir_ops.dcecp what(1) Output: /opt/dce/bin/dceexec: HP DCE/9000 1.5 PHSS_19739-40 Module: dceexec (Expor t) Date: Sep 6 1999 19:52:43 /usr/lib/libdceauth.1: HP DCE/9000 1.5 PHSS_19739-40 Module: libdceauth.sl (Export) Date: Sep 4 1999 05:48:57 /usr/lib/security/libpam_dce.1: HP DCE/9000 1.5 PHSS_19739-40 Module: libpam_dce.1 ( Export) Date: Sep 4 1999 05:49:25 /usr/bin/login.auth: HP DCE/9000 1.5 PHSS_19739-40 Module: login.auth (Ex port) Date: Sep 4 1999 06:03:50 /usr/bin/su.auth: HP DCE/9000 1.5 PHSS_19739-40 Module: su.auth (Expor t) Date: Sep 4 1999 06:04:01 /usr/bin/passwd.auth: HP DCE/9000 1.5 PHSS_19739-40 Module: passwd.auth (E xport) Date: Sep 4 1999 06:04:28 /usr/bin/chsh.auth: HP DCE/9000 1.5 PHSS_19739-40 Module: chsh.auth (Exp ort) Date: Sep 4 1999 06:05:12 /usr/bin/chfn.auth: HP DCE/9000 1.5 PHSS_19739-40 Module: chfn.auth (Exp ort) Date: Sep 4 1999 06:05:07 /usr/lbin/ftpd.auth: HP DCE/9000 1.5 PHSS_19739-40 Module: ftpd.auth (Exp ort) Date: Sep 4 1999 06:03:39 /usr/lib/libauth.1: HP DCE/9000 1.5 PHSS_19739-40 Module: libauth.sl (Ex port) Date: Sep 4 1999 05:48:36 /usr/lib/nls/msg/C/passwd.au.cat: None /opt/dce/lib/libbb.a: HP DCE/9000 1.5 PHSS_19739-40 Module: libbb.a (Expor t) Date: Sep 4 1999 05:48:13 /opt/dce/bin/gdscp: HP DCE/9000 1.5 PHSS_19739-40 Module: gdscp (Export) Date: Sep 6 1999 19:02:35 /opt/dce/bin/idl: HP DCE/9000 1.5 PHSS_19739-40 Module: idl (Export) D ate: Sep 4 1999 03:58:18 /opt/dce/include/dce/dce.h: None /opt/dce/include/dce/dcelibmsg.h: None /opt/dce/include/dce/dce_attr_base.h: None /opt/dce/include/dce/dce_attr_base.idl: None /opt/dce/include/dce/dce_attr_sch.h: None /opt/dce/include/dce/dce_attr_sch.idl: None /opt/dce/include/dce/gssapi.h: None /opt/dce/include/dce/dce_utils.h: None /opt/dce/include/dce/cma_ux.h: HP DCE/9000 1.5 /opt/dce/lib/libcma.a: HP DCE/9000 1.5 PHSS_19739-40 Module: libcma.a (Expo rt) Date: Sep 4 1999 01:59:30 /opt/dce/lib/libdce.a: HP DCE/9000 1.5 PHSS_19739-40 Module: libdce.a (Expo rt) Date: Sep 6 1999 18:22:53 /opt/dce/bin/dfsgw: HP DCE/9000 1.5 PHSS_19739-40 Module: dfsgw (Export) Date: Sep 6 1999 19:19:41 /opt/dce/sbin/dfsgwd: HP DCE/9000 1.5 PHSS_19739-40 Module: dfsgwd (Export ) Date: Sep 6 1999 19:19:55 /usr/lib/nls/msg/ja_JP.SJIS/dfsdsb.cat: None /usr/lib/nls/msg/ja_JP.eucJP/dfsdsb.cat: None /opt/dce/ext/dfs_client.ext: HP DCE/9000 1.5 PHSS_19739-40 Module: dfs_client.ext Kernel Component - 10.x (Export) Date: Sep 4 1999 04:50:34 /opt/dce/sbin/dfsbind: HP DCE/9000 1.5 PHSS_19739-40 Module: dfsbind (Expor t) Date: Sep 6 1999 19:14:30 /opt/dce/bin/dfs_config: HP DCE/9000 1.5 /opt/dce/ext/dfs_core.ext: HP DCE/9000 1.5 PHSS_19739-40 Module: dfs_core.ext K ernel Component - 10.x (Export) Date: Sep 4 1999 04:50:21 /opt/dce/ext/dce_krpc.ext: HP DCE/9000 1.5 PHSS_19739-40 Module: dce_krpc.ext K ernel Component - 10.x (Export) Date: Sep 4 1999 03:59:38 /opt/dce/sbin/pwd_strengthd: HP DCE/9000 1.5 PHSS_19739-40 Module: pwd_strengthd (Export) Date: Sep 6 1999 19:53:32 /opt/dce/bin/sec_create_db: HP DCE/9000 1.5 PHSS_19739-40 Module: sec_create_db (Export) Date: Sep 6 1999 18:54:31 /opt/dce/bin/sec_salvage_db: HP DCE/9000 1.5 PHSS_19739-40 Module: sec_salvage_db (Export) Date: Sep 6 1999 18:54:54 /opt/dce/sbin/secd: HP DCE/9000 1.5 PHSS_19739-40 Module: secd (Export) Date: Sep 6 1999 18:54:12 /opt/dce/sbin/cdsd: HP DCE/9000 1.5 PHSS_19739-40 Module: cdsd (Export) Date: Sep 6 1999 19:04:12 /opt/dce/bin/cdsbrowser: HP DCE/9000 1.5 PHSS_19739-40 Module: cdsbrowser (Ex port) Date: Sep 6 1999 19:51:21 /opt/dce/bin/dceping: HP DCE/9000 1.5 PHSS_19739-40 Module: dceping (Expor t) Date: Sep 6 1999 19:49:26 /opt/dce/bin/dceval: HP DCE/9000 1.5 PHSS_19739-40 Module: dceval (Export ) Date: Sep 6 1999 19:49:36 /opt/dce/bin/acctmgr: HP DCE/9000 1.5 PHSS_19739-40 Module: Account Manage r Date: Sat Sep 4 05:56:59 IST 1999 /usr/lib/nls/msg/ja_JP.SJIS/dcelib.cat: None /usr/lib/nls/msg/ja_JP.SJIS/dcesad.cat: None /usr/lib/nls/msg/ja_JP.SJIS/dcetcl.cat: None /usr/lib/nls/msg/ja_JP.eucJP/dcelib.cat: None /usr/lib/nls/msg/ja_JP.eucJP/dcesad.cat: None /usr/lib/nls/msg/ja_JP.eucJP/dcetcl.cat: None /usr/share/man/man1m.Z/dcecp_cdsalias.1m: None /usr/share/man/man1m.Z/dced.1m: None /usr/share/man/man1.Z/uuidgen.1: None /usr/lib/nls/msg/C/dcedcp.cat: None /usr/lib/nls/msg/C/dcelib.cat: None /usr/lib/nls/msg/C/dcesad.cat: None /usr/lib/nls/msg/C/dcetcl.cat: None /usr/lib/libcma.1: HP DCE/9000 1.5 PHSS_19739-40 Module: libcma.sl (Exp ort) Date: Sep 4 1999 01:59:07 /usr/lib/libdce.1: HP DCE/9000 1.5 PHSS_19739-40 Module: libdce.sl (Exp ort) Date: Sep 6 1999 18:22:15 /opt/dce/sbin/dtsd: HP DCE/9000 1.5 PHSS_19739-40 Module: dtsd (Export) Date: Sep 6 1999 18:51:56 /opt/dce/lib/zoneinfo/Australia/NSW: None /opt/dce/lib/zoneinfo/Australia/Victoria: None /sbin/init.d/dce: HP DCE/9000 1.5 /opt/dce/sbin/auditd: HP DCE/9000 1.5 PHSS_19739-40 Module: auditd (Export ) Date: Sep 6 1999 18:53:57 /opt/dce/sbin/cdsadv: HP DCE/9000 1.5 PHSS_19739-40 Module: cdsadv (Export ) Date: Sep 6 1999 19:05:30 /opt/dce/bin/dcecp: HP DCE/9000 1.5 PHSS_19739-40 Module: dcecp (Export) Date: Sep 6 1999 19:20:49 /opt/dce/sbin/dced: HP DCE/9000 1.5 PHSS_19739-40 Module: dced (Export) Date: Sep 6 1999 19:08:36 /opt/dce/bin/kdestroy: HP DCE/9000 1.5 PHSS_19739-40 Module: kdestroy (Expo rt) Date: Sep 6 1999 18:56:40 /opt/dce/bin/kinit: HP DCE/9000 1.5 PHSS_19739-40 Module: kinit (Export) Date: Sep 6 1999 18:56:51 /opt/dce/bin/klist: HP DCE/9000 1.5 PHSS_19739-40 Module: klist (Export) Date: Sep 6 1999 18:56:29 /opt/dce/bin/passwd_export: HP DCE/9000 1.5 PHSS_19739-40 Module: passwd_export (Export) Date: Sep 6 1999 18:55:50 /opt/dce/bin/acl_edit: HP DCE/9000 1.5 PHSS_19739-40 Module: acl_edit (Expo rt) Date: Sep 6 1999 18:55:16 /opt/dce/bin/uuidgen: HP DCE/9000 1.5 PHSS_19739-40 Module: uuidgen (Expor t) Date: Sep 6 1999 18:49:54 /opt/dce/bin/sams: HP DCE/9000 1.5 PHSS_19739-40 Module: sams (Export) Date: Sep 4 1999 04:32:22 /opt/dce/examples/config/config.env: None /opt/dce/newconfig/etc/opt/dce/dce_com_utils: HP DCE/9000 1.5 /opt/dce/bin/dce.rm: HP DCE/9000 1.5 /opt/dce/bin/dce_config: HP DCE/9000 1.5 /opt/dce/bin/pwd_config: None /usr/lib/libdcedpvt.1: HP DCE/9000 1.5 PHSS_19739-40 Module: libdcedpvt.sl (Export) Date: Sep 6 1999 18:40:28 /usr/lib/libdcecp.1: HP DCE/9000 1.5 PHSS_19739-40 Module: libdcecp.sl (E xport) Date: Sep 6 1999 18:48:48 /opt/dce/dcecp/bckp_cds.dcp: None /opt/dce/dcecp/bckp_sec.dcp: None /opt/dce/dcecp/cell.dcp: None /opt/dce/dcecp/dir_ops.dcecp: None cksum(1) Output: 3798767907 1117824 /opt/dce/bin/cdsbrowser 91722392 61056 /opt/dce/bin/dceping 1583507183 44672 /opt/dce/bin/dceval 1323807248 609223 /opt/dce/bin/acctmgr 1928477385 152374 /opt/dce/lib/libbb.a 1344924264 77440 /opt/dce/sbin/pwd_strengthd 2224471285 2424448 /opt/dce/bin/sec_create_db 661681636 2502272 /opt/dce/bin/sec_salvage_db 4182234041 2444928 /opt/dce/sbin/secd 3451623529 888448 /opt/dce/sbin/cdsd 1255434634 2525 /usr/lib/nls/msg/ja_JP.SJIS/dcelib.cat 693051226 15492 /usr/lib/nls/msg/ja_JP.SJIS/dcesad.cat 3222527963 25729 /usr/lib/nls/msg/ja_JP.SJIS/dcetcl.cat 3221264198 2525 /usr/lib/nls/msg/ja_JP.eucJP/dcelib.cat 3553768255 15492 /usr/lib/nls/msg/ja_JP.eucJP/dcesad.cat 672394148 25729 /usr/lib/nls/msg/ja_JP.eucJP/dcetcl.cat 3733011158 4174 /usr/share/man/man1m.Z/dcecp_cdsalias.1m 1772044953 4622 /usr/share/man/man1m.Z/dced.1m 3496278826 3616 /usr/share/man/man1.Z/uuidgen.1 1059731745 71004 /usr/lib/nls/msg/C/dcedcp.cat 2618758552 1954 /usr/lib/nls/msg/C/dcelib.cat 2799999461 14098 /usr/lib/nls/msg/C/dcesad.cat 3062773334 20658 /usr/lib/nls/msg/C/dcetcl.cat 3331757589 528384 /usr/lib/libcma.1 1599499158 4812800 /usr/lib/libdce.1 364952580 364160 /opt/dce/sbin/dtsd 10194180 727 /opt/dce/lib/zoneinfo/Australia/NSW 2464500849 727 /opt/dce/lib/zoneinfo/Australia/Victoria 2460612896 24894 /sbin/init.d/dce 2274530667 208512 /opt/dce/sbin/auditd 278361887 585344 /opt/dce/sbin/cdsadv 720730196 523904 /opt/dce/bin/dcecp 3247349045 1642112 /opt/dce/sbin/dced 497723317 1388160 /opt/dce/bin/kdestroy 3760433383 1388160 /opt/dce/bin/kinit 3722935061 1392256 /opt/dce/bin/klist 1437575757 48768 /opt/dce/bin/passwd_export 3447200298 89728 /opt/dce/bin/acl_edit 949923533 32384 /opt/dce/bin/uuidgen 3252188283 77440 /opt/dce/bin/sams 829764956 3958 /opt/dce/examples/config/config.env 3038448675 31823 /opt/dce/newconfig/etc/opt/dce/ dce_com_utils 2677857381 10461 /opt/dce/bin/dce.rm 1507166885 177636 /opt/dce/bin/dce_config 1819702670 23653 /opt/dce/bin/pwd_config 2293241886 172032 /usr/lib/libdcedpvt.1 1669474820 1576960 /usr/lib/libdcecp.1 2796448902 1919 /opt/dce/dcecp/bckp_cds.dcp 19298107 1023 /opt/dce/dcecp/bckp_sec.dcp 749720855 23441 /opt/dce/dcecp/cell.dcp 2657949845 20505 /opt/dce/dcecp/dir_ops.dcecp 3765062696 441984 /opt/dce/bin/idl 1188135686 5457 /opt/dce/include/dce/dce.h 4173271170 2444 /opt/dce/include/dce/dcelibmsg.h 3541149226 724 /opt/dce/include/dce/dce_attr_base.h 2838051244 4633 /opt/dce/include/dce/dce_attr_base.idl 1755028500 4066 /opt/dce/include/dce/dce_attr_sch.h 1801047633 15970 /opt/dce/include/dce/dce_attr_sch.idl 759734464 22848 /opt/dce/include/dce/gssapi.h 4280705248 1298 /opt/dce/include/dce/dce_utils.h 2250372006 10382 /opt/dce/include/dce/cma_ux.h 635316632 611728 /opt/dce/lib/libcma.a 1524591320 6522652 /opt/dce/lib/libdce.a 1226362025 3188 /usr/lib/nls/msg/ja_JP.SJIS/dfsdsb.cat 275907064 3188 /usr/lib/nls/msg/ja_JP.eucJP/dfsdsb.cat 662291753 475996 /opt/dce/ext/dfs_client.ext 2815460831 392832 /opt/dce/sbin/dfsbind 2409001261 93630 /opt/dce/bin/dfs_config 2763705660 844601 /opt/dce/ext/dfs_core.ext 3038767741 655884 /opt/dce/ext/dce_krpc.ext 2578919573 1425024 /opt/dce/bin/dfsgw 2545855282 1441408 /opt/dce/sbin/dfsgwd 854123403 646784 /opt/dce/bin/gdscp 525068015 81536 /opt/dce/bin/dceexec 2501728285 110592 /usr/lib/libdceauth.1 3847258914 36864 /usr/lib/security/libpam_dce.1 1689967542 106112 /usr/bin/login.auth 962023349 48768 /usr/bin/su.auth 3602055244 147072 /usr/bin/passwd.auth 3698774000 36480 /usr/bin/chsh.auth 3525296759 40576 /usr/bin/chfn.auth 3546579105 122496 /usr/lbin/ftpd.auth 3038078479 90112 /usr/lib/libauth.1 268602170 1331 /usr/lib/nls/msg/C/passwd.au.cat Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHSS_9394 PHSS_10565 PHSS_12593 PHSS_14920 PHSS_15731 PHSS_16429 PHSS_17596 Equivalent Patches: None Patch Package Size: 39720 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_19739 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHSS_19739.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_19739. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHSS_19739.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_19739.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: For this patch to take effect Stop and Start all DCE daemons and application processes OR reboot the machine after installing it. *****IMPORTANT NOTE***** -- Oracle 7.3.3 and above will need to be relinked. This patch contains changes to the libcma library. Applications such as Oracle that use this library and are built static will need to be relinked. For information and help for the rebuild please contact your Oracle support personnel. ***NOTE*** -- A new version of dce_com_utils is present in this patch which will be installed in the directory /opt/dce/newconfig/etc/opt/dce/. For the new version to take effect please copy it to /etc/opt/dce/ directory. Please save the customized /etc/opt/dce/dce_com_utils, if necessary.