|
Patch 4050 : IRIX 6.2 Networking Commands #8 : [IRIX 6.2]
INDEX
RELATIONS
RELEASE NOTES
1. Patch SG0004050 Release Note
This release note describes patch SG0004050 to IRIX 6.2.
This patch completely replaces patch SG0003414. The patch
contains a security fix to usr/etc/telnetd. The other
binaries included in this patch are identical to those
released in patch SG0003414. The other components are
included because it is SGI policy to fully replace a patch
if it is necessary to release a new sub-component of
previously released patch.
1.1 Supported Hardware Platforms
This patch contains bug fixes for all platforms.
1.2 Supported Software Platforms
This patch contains bug fixes for IRIX 6.2. The software
cannot be installed on other configurations. Installing the
networking kernel rollup patch SG0002673 or its successor is
recommended. This patch replaces patches SG0001366,
SG0001485, SG0001811, SG0002070, SG0002611, SG0003000,
SG0003117 and SG0003414.
1.3 Bugs Fixed by Patch SG0004050
This patch contains fixes for the following bugs in IRIX
6.2. It includes all of the changes of patches SG0001366,
SG0001485, SG0001811, SG0002070, SG0002611, SG0003000,
SG0003117 and SG0003414. Bug numbers from Silicon Graphics
bug tracking system are included for reference.
1.3.1 New Fixes in Patch SG0004050
o Security problems with telnetd. (ID 798922)
1.3.2 Bugs Fixed by Patch SG0003414
o The rpc.rusersd daemon coredumps causing rusers to
hang. (ID 671740)
o DNS named daemon updated from Bind 4.9.7 to fix known
security problems. (ID 598413)
o The DHCP database can be edited while the DHCP server
is executing. The utility program to do this is dhcpdb.
This utility also allows printing, dumping, and
reloading the database. See the man page for
dhcpdb(1M).
The HOSTNAME_TAG to request a specific name is
supported. This is used by Windows clients and
optionally by SGI clients. The name is given to the
client only if it is not in use.
Server will free up leases that were expired to serve
additional clients.
Server works correctly with NT clients using DHCP
option 81.
1.3.3 Bugs Fixed by Patch SG0003000
o ftpd's use of the utmpx and utmp files could lead to
apparent deadlock among ftpd's. utmpx and utmpx
corruption is also possible. (ID 579436)
This fix has one known side effect: some ftp
connections on a system with a high number of ftp
connections may not be logged to the utmp and utmpx
files; wtmp and wtmpx logging occurs unchanged.
Prior to this fix, ftpd would not log a connection to
the utmp and utmpx when the number of simultaneous
connections surpassed 62. This limitation has been
relaxed so that 254 simultaneous ftp connections can be
logged to the utmp and utmpx files.
Installing libc rollup patch 2867 or later is
recommended for a more solution to problems created by
the interaction of ftpd and libc's utmp and utmpx code.
o Some clients using the Client identifier option may not
get a lease. The DHCP relay agent failed to forward
bootp requests. (ID 575557).
o syslogd could filter messages erroneously when the same
message was received from different hosts (ID 559214).
o ruptime/rwho hosts/users limits were too small (ID
590260).
o DHCP server and the relay agent allows debugging to be
set on/off using USR1/USR2 signals. The server can be
configured to return a default set of options
regardless of what the client requests. When state
changes occur and are reflected in the etherToIP
database a script can be set up to be called. The host
table for bootptab entries was limited to 2048. This is
now set to increase as needed.
o The proclaim client supports vfe, gfe, and eg
interfaces. (ID 594355)
o Server entry is added correctly to the hosts file if
necessary on the client when a DNS domain is returned.
(ID 593825)
o rsh failing on 700 user directories w/ .rhosts file.
rshd calls ruserok as root. For NFS3, root can be
mapped to "nobody" which will fail since access is
denied for group "other". Retry a second time as owner.
(ID 525594)
o rsh cannot handle exported 0700 nfsv3 directories. rshd
does chdir() as root. For NFS3, root can be mapped to
"nobody" which will fail since access is denied for
group "other". Retry a second time as owner.
(ID 563934)
o rshd keeps /dev/log open longer than necessary.
closelog() done at wrong place. (ID 565309)
1.3.4 Bugs Fixed by Patch SG0002611
o inetd could fail to find user 'root' in the password
file or NIS map (ID 459895). This was partially
corrected in patch SG0002070, but not completely.
o The API functions of rsvpd have been split out into
librsvp.so. The API has been updated to the new
interface defined in ISI rel4.1a6. rsvpd has also been
updated ISI rel4.1a6. (ID 541409).
o portmap could run out of child table slots (ID 519538).
o timeslave should support a GPS receiver (ID 548138),
and should keep working past 2000 (ID 555856) (Y2K
bug).
o ftp/ftpd should support time after year 2000 (ID
540871) (Y2K bug).
o Experimental support for large TCP windows has been
added to ftp and ftpd.
o New DHCP server backend introduced making it faster and
scalable.
o DHCP server supports client ID and static allocation of
IP addresses (ID 554541).
o ProclaimServerMgr fixed to be able to show leases from
the new dhcp server backend (ID 554888).
o DHCP client (proclaim) changed to support client id and
correctly assigns domain name (ID 533815).
o Change in Internet Gateway to be able to show leases
from the dhcp server backend. NOTE: If the Internet
Gateway is being used to view the leases given out by a
DHCP server run the command:
/usr/WebFace/bin/htmake -h newsplash.shtml -l -s admin /usr/WebFace/Source /usr/ns-home/httpd-gateway/docs/webface
to make Internet Gateway aware of changes due to
changes in the dhcp server backend. If the Internet
Gateway v2.1.1 or earlier is installed after this patch
is installed you will need to re-install this patch.
o DHCP server assigns NetBIOS name server, but misses
node type (ID 559199).
1.3.5 Bugs Fixed by Patch SG0002070
o ftp left cleartext passwords in core dumps (ID 481873).
o ftpd left cleartext passwords in core dumps (ID
482190).
o ftp forced the user to enter an account from the
terminal even if it was specified in .netrc (ID
493382).
o /usr/sbin/ProclaimServerMgr couldn't stat
"/var/dhcp/etherToIP" (ID 393088).
o DHCP Server may give out duplicate addresses if range
exhausted (ID 463113).
o DHCP server does not correctly work with alternate
hosts and ethers file. (ID 463119).
o DHCP server does not allow preassignment of DNS
addresses (ID 463120).
o dhcp_relay coredumps under some conditions (ID 469183).
o DHCP server core dumps if no config files are loaded
(ID 470827).
o Loading configurations that are disabled causes
incorrect behaviour (ID 477707).
o Server gives out address not in range with -x option
(ID 481297).
o Several bugs in DHCP server (ID 482476).
o With the -x flag enabled duplicate names in ethers can
be created (ID 484863).
o ProclaimServerMgr dies with "Error: file "file4" isn't
open" (ID 487655).
o A race between rlogin and xwsh could result in
erroneous window sizes being reported to remote systems
(ID 432928).
o rlogin could dump core if an excessively long TERM
variable was used (ID 499575).
o Security issue when rlogin dumps core (ID 498603).
o Cannot choose hostname/address when hostname/address is
default (ID 500523).
o The handling of large numbers of remote shell
connections has been improved (ID 500241).
o rsvpd has been updated. The one shipped with 6.2 is
obsolete and incompatible with the latest RSVP
specification. (ID 506376).
o rpcbind could dump core (ID 508398).
o portmap could run out of memory (ID 502760).
1.3.6 Bugs Fixed by Patch SG0001811
o Bug 393088: /usr/sbin/ProclaimServerMgr couldn't stat
"/var/dhcp/etherToIP"
o Bug 463113: DHCP Server may give out duplicate
addresses if range exhausted
o Bug 463119: DHCP server does not correctly work with
alternate hosts and ethers file.
o Bug 463120: DHCP server does not allow preassignment of
dns addresses.
o Bug 469183: dhcp_relay coredumps under some conditions
o Bug 470827: DHCP server core dumps if no config files
are loaded.
o Bug 477707: Loading configurations that are disabled
causes incorrect behaviour.
o Bug 481297: Server gives out address not in range with
-x option
o Bug 482476: Several bugs in DHCP server
o Bug 484863: With the -x flag enabled duplicate names in
ethers can be created
o Bug 487655: ProclaimServerMgr dies with "Error: file
"file4" isn't open"
1.3.7 Bugs Fixed by Patch SG0001485
o Bug 8180: ypbind now tries to bind using multicast. To
bind to a NIS server not on the local network, the
distant system running `ypserv` must have `portmap`
configured to listen to multicast requests. `portmap`
in this patch is safe from the denial of service
attacks from the Internet if multicast reception that
could conceivably attack previous versions of `portmap`
if multicast service is turned on.
o Bug 32332: yp domain names are now completely case
insensitive.
o The ypserv crash whose symptom was rebinding to other
servers has been fixed.
o Bug 294178: Named now supports round-robin record
sorting.
o Bug 373847: The timeslave WWW/Traconex problems are
fixed by ignoring the "spare" bits that are set by the
Traconex version of the WWV receiver. The parity
problems are solved by documenting the reuirements of
timeslave in the man page.
o Bug 391952: the ipfilterd.1m man page was missing from
the IRIX release; this patch provides it.
o Bug 394367: Named now supports requests to alias
addresses. (Requires networking rollup patch 1418 or
later)
o Bug 397235: ypbind and ypbind now tolerate a system
with more than 20 network interfaces.
o Bug 417545 and 418059: Named has been upgraded to
Bind-4.9.6 which fixes a problem with expanding
domainnames with spaces. This would cause named to
fail all requests with errors about failing to resolve
CNAME or NS information.
o Telnet, telnetd, rlogin, rlogind, timed, and timeslave
now specify IP "low delay" type of service (TOS).
o On 64-bit systems, arp -a would not show all addresses
in the ARP cache (ID 348619).
o Timeslave would dump core (ID 363058).
o The BOOTP and DHCP servers failed to function on
systems using IP aliases (ID 394059)
o Inetd could dump core if the NIS password map changed
after inetd started up. A failure to locate a user
would result in a NULL-pointer dereference (ID 396323).
o The FTP server could dump core if a PASV command was
issued prior to the user logging in (ID 406579).
1.3.8 Bugs Fixed by Patch SG0001366
o The FTP server would allow logins to accounts with
expired passwords (ID 273287).
o The IRIX 6.2 ifconfig command does not attempt to set
the destination address for a point-to-point network
interface, a regression which was caused when ifconfig
was modified to support IP aliases. This affected some
but not all PPP systems. A symptom of this problem is
"netstat -rn" displaying misformatted information when
listing routes involving such interfaces. (ID
323866,375099)
o Rpcbind could hang and disrupt networking services (ID
348335).
o Inetd could dump core if IP aliases were in use (ID
351375).
o FTP server processes would sometimes hang forever in an
accept() call (ID 353649).
o Inetd could leak file descriptors when services were
shutdown due to heavy load (ID 368997).
o Timeslave -Y could force the year wrong on New Year's
Eves. (ID 558302).
o ftpd has potential denial of service vulnerability. (ID
524127).
1.4 Subsystems Included in Patch SG0004050
This patch release includes these subsystems:
o patchSG0004050.eoe_sw.svr4net
o patchSG0004050.eoe_sw.unix
1.5 Installation Instructions
Because you want to install only the patches for problems
you have encountered, patch software is not installed by
default. After reading the descriptions of the bugs fixed
in this patch (see Section 1.3), determine the patches that
meet your specific needs.
If, after reading Sections 1.1 and 1.2 of these release
notes, you are unsure whether your hardware and software
meet the requirements for installing a particular patch, run
inst. The inst program does not allow you to install
patches that are incompatible with your hardware or
software.
Patch software is installed like any other Silicon Graphics
software product. Follow the instructions in your Software
Installation Administrator's Guide to bring up the miniroot
form of the software installation tools.
Follow these steps to select a patch for installation:
1. At the Inst> prompt, type
install patchSGxxxxxxx
where xxxxxxx is the patch number.
2. Initiate the installation sequence. Type
Inst> go
3. You may find that two patches have been marked as
incompatible. (The installation tools reject an
installation request if an incompatibility is
detected.) If this occurs, you must deselect one of
the patches.
Inst> keep patchSGxxxxxxx
where xxxxxxx is the patch number.
4. After completing the installation process, exit the
inst program by typing
Inst> quit
1.6 Patch Removal Instructions
To remove a patch, use the versions remove command as you
would for any other software subsystem. The removal process
reinstates the original version of software unless you have
specifically removed the patch history from your system.
versions remove patchSGxxxxxxx
where xxxxxxx is the patch number.
To keep a patch but increase your disk space, use the
versions removehist command to remove the patch history.
versions removehist patchSGxxxxxxx
where xxxxxxx is the patch number.
1.7 Known Problems INST SUBSYSTEM REQUIREMENTS No Requirements Information Available. INST SUBSYSTEM CHECKSUMS These checksums help to provide a 'signature' for the patch inst image which can be used to authenticate other inst images. You can obtain this kind of output by running sum -r on the image (from the command line): 55544 16 patchSG0004050.idb 47453 1976 patchSG0004050.eoe_sw 60740 74 patchSG0004050.eoe_man 09695 31 patch/README.patch.4050 49580 104 patchSG0004050.eoe_sw64 29875 17 patchSG0004050 48229 83 patchSG0004050.nfs_sw 05186 17 patchSG0004050.nfs_man INST SUBSYSTEM FILE LISTINGS The following lists the files which get installed from each subsystem in the patch:
DOWNLOAD PATCH
|
||||||||||||||||||||||||||||||||||||
Document Id: 20021117075932-IRIXPatch-1417
|
||||||||||||||||||||||||||||||||||||