SCO OpenServer Release 5.0.7 Maintenance Pack 3 Release and Installation Notes

The SCO OpenServer(TM) Maintenance Pack 3 contains important fixes for your SCO OpenServer Release 5.0.7 system and should be applied at your next maintenance period.

NOTE: This is the second SCO OpenServer Release 5.0.7 Maintenance Pack. To preserve a numerical correlation with Update Pack 3, this Maintenance Pack is named MP3. There is no Maintenance Pack 2.

These Release and Installation Notes contain critical information that you need to know before and after installing SCO OpenServer Release 5.0.7 Maintenance Pack 3. Please familiarize yourself with the information that is relevant to your system, then install the Maintenance Pack according to the instructions in this document.

NOTE: Unless otherwise noted, this document supplements the SCO OpenServer Release 5.0.7 Late News, which are still relevant. As information becomes available after the publication of these Release and Installation Notes, it is added to the SCO OpenServer Release 5.0.7 Late News document, available from the SCO web site at:

http://www.sco.com/support/docs/openserver

These Release and Installation Notes cover the following topics:

About Maintenance Packs and Update Packs
Before installing the Maintenance Pack
Installing the Maintenance Pack
Highlights of the Maintenance Pack
Maintenance Pack notes and limitations

About Maintenance Packs and Update Packs

There are two support ``tracks'' that are available to SCO OpenServer Release 5.0.7 customers:

Maintenance Packs: A Maintenance Pack (MP) is a collection of security updates and fixes for reported problems. Maintenance Packs are made available periodically and can be downloaded and installed free-of-charge. Maintenance Packs are cumulative, so only the latest one needs to be installed.
Update Packs: An Update Pack (UP) is a collection of some of the new features and product enhancements that will be included in the next SCO OpenServer release. Available only for registered subscribers to the SCO Update Service, Update Packs provide a simplified and streamlined process for deploying new technology and keeping systems updated.
Update Packs supplement the Maintenance Packs. Each Update pack requires the installation of a corresponding Maintenance Pack. Update Packs are cumulative, so you only need to install the latest Maintenance Pack plus the latest Update Pack to bring the system up to date with the latest features and enhancements.

Obtaining Maintenance Packs

SCO OpenServer Maintenance Packs are available for download from the SCO OpenServer Release 5.0.7 Maintenance Pack web page:

http://www.sco.com/support/update/download/osr507mp.html

If your SCO OpenServer media kit contains the SCO OpenServer SCO OpenServer Release 5.0.7 Supplement CD, you can install the MP from the CD. You should check the SCO OpenServer Release 5.0.7 Supplements web page, however, to verify that the Supplement CD contains the most current Maintenance Pack available.

Before installing the Maintenance Pack

Before installing SCO OpenServer Release 5.0.7 Maintenance Pack 3, note the following:

Back up the data on your system and verify the integrity of the backup.
The RS507B Release Supplement (a component of the Maintenance Pack) is a critical requirement for the other components in the Maintenance Pack to function correctly.
Maintenance Pack 3 can only be installed on SCO OpenServer Release 5.0.7 systems.
Maintenance Pack 3 supersedes the following Supplements:
- SLS OSS631 -- Supplemental Graphics, Web, and X11 Libraries
- SLS OSS646 -- Execution Environment Supplement
- SLS OSS656 -- Licensing Update
- SLS OSS662 -- MP1 Supplement
- Large Filesystem Performance Supplement (lpfs)
- wd Driver Supplement
NOTE: Do not install any of these supplements on your system after you have installed this Maintenance Pack.
Before installing the Maintenance Pack, you should remove OSS646A/OSS646B and OSS656A/OSS656B. It is not necessary to first remove any of the OSS631 supplements.
When you remove the recommended supplements, you do not need to reboot the system after the kernel is re-linked. The Maintenance Pack installation also re-links the kernel -- you can reboot at that point.
The "Supplemental Graphics, Web, and X11 Libraries" package (gwxlibs) should always be installed. Several packages (such as ssh and Apache) depend on these libraries and will fail with dynamic linker errors if they are not present.

Maintenance Pack Installation

NOTE: Be sure to read ``Before installing the Maintenance Pack'' prior to starting this procedure.

You can acquire and install SCO OpenServer Release 5.0.7 Maintenance Pack 3:

directly over the Internet using the SCO Update function in the Software Manager.
by downloading the MP media images from either the SCO web site or FTP site.
from the SCO OpenServer Release 5.0.7 Supplement CD Version 3.

If there are multiple systems on your TCP/IP network that require Maintenance Pack 3, you can load and install the MP on a software server and use it as a centralized distribution point. See ``Installing the Maintenance Pack across the network'' for more information.

Installing the Maintenance Pack using SCO Update

SCO Update allows you to install Maintenance and Update Packs directly over the Internet. This approach saves you the time -- and extra hard disk space -- of first downloading installable image files from the SCO web or FTP sites.

NOTE: Maintenance Pack 1 added support for SCO Update to the Software Manager. If MP1 was never installed on your system, SCO Update will not be available from within the Software Manager until after you install MP3.

To use SCO Update:

Log in as root.
Start the Software Manager by double-clicking on its icon on the desktop, or by entering the following at the command-line prompt:

scoadmin software
From the Software menu, select SCO Update. The system connects to the SCO Update server.
The Install Selection window displays all of the SCO OpenServer Release 5.0.7 update packs, maintenance packs, drivers, and so forth that are currently available.
Highlight "Maintenance Pack 3" and click on Install.
The selected software is automatically downloaded and installed on your system.
WARNING: The Software Manager displays one or more warnings if the Maintenance Pack contains fixes for software features that are not currently installed on your system. If you do not plan to install the affected package (for example: SMP), you can ignore such messages and click on Continue. However, if you do plan to install this package later, you should stop the install process, install the package in question from the installation media, and restart the Maintenance Pack installation. This ensures the fixes are applied properly (and avoids potential problems).
If any Maintenance Pack fixes were not installed because the corresponding feature was not present, the Software Manager shows the Maintenance Pack as only partially installed. This is normal.
When the installation is complete, click on OK.
Exit the Software Manager by selecting the Host menu, then Exit.
Reboot the machine. (Because the Software Manager relinks the kernel, you must reboot before the new kernel takes effect.)

We recommend that you use SCO Update periodically to check for new updates, fixes, or drivers for SCO OpenServer Release 5.0.7.

Installing the Maintenance Pack from downloaded media images

To install the SCO OpenServer Release 5.0.7 Maintenance Pack 3 from media images that you manually download:

Log in as root.
Download the Maintenance Pack from either the SCO web site or using FTP:
- to use the web, go to the SCO OpenServer Release 5.0.7 Maintenance Pack web page:
  
  http://www.sco.com/support/update/download/osr507mp.html
- to use FTP, go to the SCO Support Download Area:
  
  ftp://ftp.sco.com/pub/openserver5/507/mp/mp3
NOTE: Maintenance Pack 3 consists of a tar archive containing a number of media image files with names of the form VOL.000.000, VOL.000.001, and so forth. (You also have the option of downloading the individual VOL files.) Because all update and maintenance packs use this same filename scheme, you should create a master directory with a unique subdirectory to store each pack. The master directory could be /usr/updates, /usr/spool/patches, or whatever suits your system layout. The master hierarchy should be writable by root only.
If you download the individual files rather than the tar archive, please be sure to carefully verify that all of the sequentially-numbered VOL files are present in your download directory before proceeding.
Download the 507mp3_vol.tar file and use this command to extract the media image files:

tar xvf 507mp3_vol.tar
Start the Software Manager by double-clicking on its icon on the desktop, or by entering the following at the command-line prompt:

scoadmin software
From the Software menu, select Install New.
When prompted for the host (machine), select the current host and then click on Continue.
Select Media Images as the Media Device, then click on Continue. (You may need to scroll down before you see the Media Images option.)
Enter the absolute pathname for the directory that contains the Maintenance Pack 3 media images. For example:

/usr/spool/patches/507mp3

Click on OK.
In the Install Selection window, make sure that the Maintenance Pack is highlighted, then click on Install.
NOTE: Any component of the Maintenance Pack that updates existing software (such as the RS507B Release Supplement) must be installed. New features such as cdrtools are optional.
If you previously installed any of the components that are modified by the Maintenance Pack, you are notified that these components will be upgraded. Click on Continue.
Additionally, you are warned if certain packages in the Maintenance Pack will not be installed because the software they modify is not installed on your system. Click on Continue.
WARNING: The Software Manager displays one or more warnings if the Maintenance Pack contains fixes for software features that are not currently installed on your system. If you do not plan to install the affected package (for example: SMP), you can ignore such messages and click on Continue. However, if you do plan to install this package later, you should stop the install process, install the package in question from the installation media, and restart the Maintenance Pack installation. This ensures the fixes are applied properly (and avoids potential problems).
If any Maintenance Pack fixes were not installed because the corresponding feature was not present, the Software Manager shows the Maintenance Pack as only partially installed. This is normal.
When the installation is complete, click on OK. The Software Manager lists Maintenance Pack 3 among the installed software.
Exit the Software Manager by selecting the Host menu, then Exit.
Reboot the machine. (Because the Software Manager relinks the kernel, you must reboot before the new kernel takes effect.)

Installing the Maintenance Pack from CD-ROM

To install the SCO OpenServer Release 5.0.7 Maintenance Pack 3 from the SCO OpenServer Release 5.0.7 Supplement CD Version 3:

Log in as root.
Insert the SCO OpenServer Release 5.0.7 Supplement CD Version 3 into the drive.
Start the Software Manager by double-clicking on its icon on the desktop, or by entering the following at the command-line prompt:

scoadmin software
From the Software menu, select Install New.
When prompted for the host (machine), select the current host and then click on Continue.
Select the appropriate CD-ROM drive as the Media Device, then click on Continue.
In the Install Selection window, make sure that the Maintenance Pack is highlighted, then click on Install.
NOTE: Any component of the Maintenance Pack that updates existing software (such as the RS507B Release Supplement) must be installed. New features such as cdrtools are optional.
If you previously installed any of the components that are modified by the Maintenance Pack, you are notified that these components will be upgraded. Click on Continue.
WARNING: The Software Manager displays one or more warnings if the Maintenance Pack contains fixes for software features that are not currently installed on your system. If you do not plan to install the affected package (for example: SMP), you can ignore such messages and click on Continue. However, if you do plan to install this package later, you should stop the install process, install the package in question from the installation media, and restart the Maintenance Pack installation. This ensures the fixes are applied properly (and avoids potential problems).
If any Maintenance Pack fixes were not installed because the corresponding feature was not present, the Software Manager shows the Maintenance Pack as only partially installed. This is normal.
When the installation is complete, click on OK. The Software Manager lists Maintenance Pack 3 among the installed software.
Exit the Software Manager by selecting the Host menu, then Exit.
Reboot the machine. (Because the Software Manager relinks the kernel, you must reboot before the new kernel takes effect.)

Installing the Maintenance Pack across the network

You can install SCO OpenServer Release 5.0.7 Maintenance Pack 3 from one SCO OpenServer Release 5.0.7 system onto another across a TCP/IP network. To do so, you need a software server, which you can create as described in "Installing and managing software over the network" in the SCO OpenServer Networking Guide. This server has a user account called swadmin.

Install or load Maintenance Pack 3 on the software server using one of the installation procedures described in ``Maintenance Pack Installation''. Also see "Installing and managing software components" in the SCO OpenServer Handbook for more information on loading software.

To install Maintenance Pack 3 onto a local machine once the Maintenance Pack is available from the software server, start the Software Manager and select Install New. In the Begin Installation window, you are prompted for the source location of the Maintenance Pack. Select From Another Host. You need to provide the name of the software server, as well as the password of the swadmin user on the software server.

Removing a Maintenance Pack

WARNING: Because of interdependencies between the components that are included in Maintenance Packs, partial removal of an MP is not supported.

Removing Maintenance Pack 3 de-installs the Apache Web Server, Perl, and Supplemental Graphics, Web, and X11 Libraries components. When these components are removed, many system functions will cease to work, including Squid, Samba, and the GNU Development Tools (if installed).

After removing the Maintenance Pack, it is imperative that you reinstall the Apache Web Server, Perl, and Supplemental Graphics, Web, and X11 Libraries components from your SCO OpenServer Release 5.0.7 System CD-ROM. This section explains how to do this.

To remove the Maintenance Pack and reinstall your Release 5.0.7 versions of the Apache Web Server, Perl, and Supplemental Graphics, Web, and X11 Libraries components:

Log in as root.
Start the Software Manager by double-clicking its icon on the desktop, or by entering the following at the command-line prompt:

scoadmin software
Select the Maintenance Pack in the list of installed software.
From the Software menu, select Remove Software. In the confirmation window, verify that you selected the correct software, then click on Remove.
A window displays, showing you a list of software that will stop functioning after the Maintenance Pack is removed. Click on Continue.
When the Removal complete window appears, click on OK and exit the Software Manager by selecting Exit from the Host menu.
Insert the SCO OpenServer Release 5.0.7 System CD-ROM into the drive.
Restart the Software Manager, as you did in Step 2.
From the Software menu, select Install New.
When prompted for the host (machine), select the current host and then click on Continue.
Select the appropriate CD-ROM drive as the Media Device, then click on Continue.
In the Install selection window, locate the operating system edition (Enterprise, Desktop, or Host) that you installed and double-click to expand it.
Double-click on these three components under the operating system edition:

UNIX (This is always the first entry in the list.)
Connectivity
Internet Services
Under the UNIX component, double-click on the Core OS component.

Using the <Ctrl> key to select multiple components, click on the following components to select them for installation:

Under Core OS:

   Perl 5.8.0
   Perl 5.8.0 Extensions
   Supplemental Graphics, Web, and X11 Libraries
   Apache Web Server
   mod_perl for Apache
   mod_ssl for Apache
   php4 for Apache
   Apache XML Toolkit (AxKit)
   Perl ASP Support for Apache

Under Connectivity:

   Secure Shell

Under Internet Services:

   Mozilla

When all of these components are highlighted, click on Install.

When the installation is complete, click on OK.
Exit the Software Manager by selecting the Host menu, then Exit.
Reboot the machine. (Because the Software Manager relinks the kernel, you must reboot before the new kernel takes effect.)

Highlights of the Maintenance Pack

Changes and additions provided by this Maintenance Pack include:

support for IDE hard disks larger than 137GB
cdrtools
multisession CD read support
additions to Internet Services: Tomcat and JK
X.Org runtime libraries and core fonts
updates to Mozilla web browser and new plugin support
updates to UDK compatibility libraries
updates to the Supplemental Graphics, Web, and X11 Libraries
updates to Perl
updates to OpenSSH
updates to the Apache Web Server
updates to MMDF
list of problems fixed

NOTE: Drivers for new hardware have been moved out of the Maintenance Pack and are available on the Supplement CD.

Support for IDE hard disks larger than 137GB

Previously, this feature was part of the Update Packs; it is now included in Maintenance Pack 3.

Maintenance Pack 3 includes a new revision of the wd(HW) driver that supports IDE hard disks larger than 137GB.

NOTE: If you have a new IDE hard disk that is larger than 137GB that you want to add to your system, you should do so after you have installed the Maintenance Pack and the new wd driver. If you want to use the disk as your root drive, you need to load the new driver at boot time (using the link(HW) bootstring) before beginning the installation.

If your system currently uses an IDE drive larger than 137GB, the new wd driver makes it possible to use the full capacity of the disk. To use the entire disk, however, you must manually reconfigure the drive to recreate the existing disk partitions or to create new ones. The wd driver readme explains this process in detail.

Instructions for installing the wd driver are provided on the SCO web site at:

http://www.sco.com/support/update/download/wddrvr.html

or the SCO OpenServer Release 5.0.7 Supplement CD Version 3. We strongly recommend that you review these instructions before using the new features of the driver.

CD writer support: cdrtools

The cdrtools package (ver 2.01a27) is now included and officially supported in SCO OpenServer Release 5.0.7. It is a set of programs for creating CD images (mkisofs) and writing data to recordable/rewritable CDs (cdrecord).

NOTE: cdrecord(1) supports many options and formats that are beyond the scope of basic file archiving. This section documents the most common tasks for creating data CDs and includes information specific to SCO OpenServer Release 5.0.7.

Tested hardware

The following drives have been tested on SCO OpenServer Release 5.0.7:

Matsushita CW-7502
Philips CDD-2600
Plextor PX-R412Ci
Plextor PX-R820Ti
Plextor PX-W2412TA
Plextor PX-W4824TA
Ricoh MP6200S
Teac CD-R50S
Teac CD-R55S
Teac CD-R56S
Teac CD-R58S
YAMAHA CDRW4416S
YAMAHA CRW2260

Most MMC-compliant CD writers should work.

Configuration

If you have not already used the CD drive to install SCO OpenServer Release 5.0.7, you need to manually configure the drive with the mkdev cdrom command.

Listing available devices

To display a list of CD devices on the system, use the -scanbus option of the cdrecord(1) command:

cdrecord -scanbus

A list of devices similar to this is displayed (SCSI addresses are shown regardless of the controller type):

   scsibus0:
         0,0,0   0) 'ATAPI '  'CD-RW 52X24X ' 'MB51' Removable CD-ROM
         0,1,0   1) *
         0,2,0   2) *
         0,3,0   3) *
         0,4,0   4) *
         0,5,0   5) *
         0,6,0   6) *
         0,7,0   7) *

In this case an ATAPI CD writer is the first device on an IDE controller (address 0,0,0).

cdrecord default file (/etc/default/cdrecord)

This file contains the default device settings for cdrecord. First are the device, speed, and buffer settings (note that the latter two are commented out):

   CDR_DEVICE=ide
   #CDR_SPEED=40
   #CDR_FIFOSIZE=4m

The CDR_DEVICE setting is actually an index into a table with a series of drive-specific defaults:

   # drive name    device  speed   fifosize driveropts
   #
   teac=           1,3,0   -1      -1      ""
   panasonic=      1,4,0   -1      -1      ""
   plextor=        1,4,0   -1      -1      ""
   sanyo=          1,4,0   -1      -1      burnfree
   yamaha=         1,5,0   -1      -1      ""
   ide=            0,0,0   -1      -1      burnfree
   cdrom=          0,6,0   2       1m      ""

The default entry is ide (as defined by CDR_DEVICE). Because a generic SCSI driver is used for all CD drives, the SCSI address scheme (host adapter, device, LUN) is used even with IDE controllers. At the same time, this scheme only applies to IDE controllers with CD drives (that is, the numbering of host adapters is not absolute.) For example, on a system with no SCSI adapters and two IDE controllers, the controller with the CD drive attached is host adapter 0 (even if it happens to be the secondary IDE controller).

NOTE: On the command line, the LUN (0) can be omitted (as it is in the examples discussed here).

Note the default addresses for other drives are not realistic; be sure and change the device address in second column to match the actual drive settings. The other columns (speed, buffer size, and driver options) can be set as desired. A value of -1 indicates that the device uses its own default value. The quotes in the column indicate an empty option list; burnfree allocates a larger buffer for write operations (if supported by the drive). Other options are documented in cdrecord(1).

Creating a data disc

Before using cdrecord to make a data disc you must first create an ISO image with mkisofs. This sample command creates an ISO9660 image of the working directory (.) with Joliet (-J) and RockRidge (-r) directory entries and stores it in the file /tmp/cdimg.iso:

mkisofs -r -J -o /tmp/cdimg.iso .

To write this image to a disc, you would use a command like this:

cdrecord -v -eject dev=0,0 /tmp/cdimg.iso

The -v is optional and generates verbose output. The dev= argument can also be omitted if the default drive is defined in /etc/default/cdrecord. The -eject option ejects the disc when the process is complete. In addition, cdrecord displays a nine-second countdown to give you an opportunity to abort the command.

You can also perform a test burn using the -dummy option:

cdrecord -v -dummy /tmp/cdimg.iso

The command is executed as specified, but the laser is not activated.

NOTE: The -dummy option may actually damage media on certain older drives (rendering them unusable).

If the system is relatively idle (with little or no disk activity), it is possible to skip creating the image and pipe the output of mkisofs directly to cdrecord:

mkisofs -r /usr/home/cforbin | cdrecord -

In this example, the contents of /usr/home/cforbin is written to the disc (the - argument takes data from the standard input).

WARNING: On active systems you should create an ISO image for best results.

Mounting a disc

You can mount and unmount a disc from the desktop using the MountCD icon, or from the command line as in these examples using /mnt as a mount point:

mount -r /dev/cd0 /mnt
umount /mnt

Media support

cdrecord supports the following drive types/media:

Media Type Read-Write Behavior

CD-R Existing data cannot be erased or overwritten

Additional sessions can be appended

CD-RW Entire disc can be erased/blanked

Explicit erasing/blanking required before rewrite

Additional sessions can be appended

Media Type	Read-Write Behavior
CD-R	Existing data cannot be erased or overwritten
	Additional sessions can be appended
CD-RW	Entire disc can be erased/blanked
	Explicit erasing/blanking required before rewrite
	Additional sessions can be appended

Multisession support

To create multisession disks, you must use the -multi option to leave the CD open (un-fixated) for writing additional sessions:

cdrecord -multi image.iso

To finalize a CD (making it non-writable), simply omit the -multi option.

Writing a new session on a CD normally hides the previous session from view (requiring an application that allows you to select the active session). However, it is possible to import the TOC (table of contents) from the previous session and make the previously-written data available in the ISO image for the new session.

In this example, mkisofs uses the -C option to execute the cdrecord -msinfo command on the specified drive (-M 0,0) to read the location of the previous session and uses the response to create the ISO image:

mkisofs -r -J -C `cdrecord -msinfo` -M 0,0 -o image.iso /usr/home/colossus

When cdrecord is used to write the image to CD, all the previous data will be accessible along with the new files (in this example, from /usr/home/colossus).

Multisession support: mount(ADM)

The mount(ADM) command now includes options to mount CD filesystems by session or sector. See the mount(ADM) manual page for details.

By default, the mount(ADM) command mounts the last session. To override the default and mount the first session, use the syntax in this example:

mount -o session=1 /dev/cd0 /mnt

At this time, only the first and last sessions can be mounted by session number. However, the sector option can be used to mount an arbitrary session by the starting sector number. On newer drives, you can use the -toc option of the cdrecord(1) command to obtain the starting sector:

cdrecord -toc

For a multi-session CD, the output looks something like this:

   track:   1 lba:         0 (        0) 00:02:00 adr: 1 control: 4 mode: 1
   track:   2 lba:     20235 (    80940) 04:31:60 adr: 1 control: 4 mode: 1
   track:   3 lba:     39262 (   157048) 08:45:37 adr: 1 control: 4 mode: 1
   track:lout lba:     53507 (   214028) 11:55:32 adr: 1 control: 4 mode: -1

You can use the lba output to mount the desired sector. In this example, the command mounts session 2, which starts at sector 20235:

mount -o sector=20235 /dev/cd0 /mnt

NOTE: If you used cdrecord(1) when it was provided on the Skunkware CD (and multisession CD read support was not present in SCO OpenServer Release 5.0.7), note that the the last session is now mounted by default. Multisession CDs typically include files from previous sessions by reference, so this should yield a better view of the contents of the disc.

Additions to Internet Services: Tomcat and JK

Maintenance Pack 3 includes the following additions to Internet Services:

Apache Tomcat Servlet Container 4.1.29: an open source package that provides a container for JavaServer Pages(TM) and Java(TM) Servlets. Requires the Java 2 JRE and Java SDK (1.3.1 or 1.4.2).
JK: a plugin that replaces mod_jserv and handles the communication between Tomcat and Apache.

Consult the DocView Internet Services page for documentation links relating to these packages.

Tomcat notes

The following sections include additional information about Tomcat.

Enabling Tomcat

After installing Tomcat, you must enable it manually. To enable and start Tomcat, run these commands:

/etc/init.d/tomcat enable

When enabled, Tomcat also automatically restarts each time the system is rebooted.

Tomcat web application

After startup, the default web applications included with Tomcat are available by browsing:

http://localhost:8080/

The administrator application is available directly at:

http://localhost:8080/admin/login.jsp

The logins for the admin and other roles must be set up as described in the next section.

Using the Tomcat admin and manager logins

By default the admin and manager web logins are not enabled. To add these logins, do the following:

Edit the configuration file /usr/lib/apache/tomcat/conf/tomcat-users.xml. The contents are similar to the following:

   <tomcat-users>
     <user name="tomcat" password="tomcat" roles="tomcat" />
     <user name="role1"  password="tomcat" roles="role1"  />
     <user name="both"   password="tomcat" roles="tomcat,role1" />
   </tomcat-users>

You can change these entries to include the desired web login, password, and the role to which you want them assigned. (Do not confuse these "web" logins that are used to access the administrative web application with operating system system logins.) The admin and manager roles/logins allow someone with the proper password to run the admin and manager web applications. For example, the following entries create admin and manager web logins with tomcat as the password:
```
     <role rolename="admin"/>
     <role rolename="manager"/>
     <user username="admin" password="tomcat" roles="admin"/>
     <user username="manager" password="tomcat" roles="manager"/>
```
After making changes or additions, you must restart Tomcat:

/etc/init.d/tomcat restart

Tomcat web application Java exception error

If you log into the Tomcat Application Manager, stop an Application, restart it, then proceed to the application path and then use the Back button to return to the Tomcat Web Application Manager, the following error may be displayed in the Messages box of the Tomcat Application Manager:

   FAIL - Application at context path /tomcat-docs could not be started
   FAIL - Encountered exceptionjava.lang.IllegalStateException:
   standardHost.start /tomcat-docs: LifecycleException:  Container
   StandardContext[/tomcat-docs] has already been started

This is not a fatal error and is not unique to SCO OpenServer Release 5.0.7 systems. The workaround is to use reload instead of stop or start.

X.Org runtime libraries

The X.Org X11 Release 6.7 runtime libraries, header files, and core fonts are now included and supported by SCO in SCO OpenServer Release 5.0.7. The man pages for the X.Org routines are also installed on the system, but are not included in the MANPATH environment variable. (This is done to avoid collision with the existing X11R5 man pages.) If you wish to access the X.Org man pages in preference to X11R5, insert /usr/X11R6/man into your MANPATH variable (or the system-wide setting in /etc/default/man) before the /usr/man entry, as in this example:

   MANPATH=scohelp:/usr/X11R6/man:/usr/man:/usr/gnu/man:/usr/local/man

If you add the X11R6 path to /etc/default/man, you should also update the man page database by executing the following command as root:

/usr/man/bin/makewhatis /usr/X11R6/man/*

Updates to Mozilla web browser and new plugins

Maintenance Pack 3 includes Mozilla 1.6 and the following new plugins:

Plugger 5.0: supports the display of media files within the browser. You must install a player that supports the desired media; these are available in the Skunkware package on the SCO website.
Xpdf 3.0: plugin that allows PDF files to be displayed inside the browser.

In addition, Mozilla 1.6 is pre-configured to work with the Java Plugin provided on the SCO OpenServer Release 5.0.7 Supplement CD Version 3.

Mozilla and the XSENDER command

This release of Mozilla is configured to disable mail authentication via the XSENDER command. If your POP server supports the XSENDER command and you wish to enable this feature, either edit the system-wide preferences in /usr/lib/mozilla-1.6/defaults/pref/mailnews.js and set the auth_login preferences to true, or add such entries to your individual Mozilla preferences as described at the following URL:

http://www.mozilla.org/unix/customizing.html#prefs

Updates to UDK compatibility libraries

Maintenance Pack 3 includes an update to 8.0.2 of the UDK compatibility libraries, which contains numerous fixes to the runtime libraries and provides support for user-level threads for UDK applications.

Updates to the Supplemental Graphics, Web, and X11 Libraries

The following changes are included with Maintenance Pack 3 in the Supplemental Graphics, Web, and X11 Libraries:

Everything compiled to use X11R6 libraries and headers
libmng updated to version 1.0.7
Xaw3D updated to version 1.5E
JasPer updated to 1.701.0
OpenSLP updated to 1.2.0
libART-LGPL 2.3.16 added
trio 1.10 added
popt 1.7 added
libgsf 1.8.2 added
libcroco 0.5.0 added
libwmf 0.2.8.2 added
librsvg 2.7.1 added
libexif 0.5.12 added
libexif-gtk 0.3.3 added
libgtkhtml-2 2.6.0 added
ICU updated to 2.8
Xerces updated to version 2.5.0
Xalan updated to version 1.7.0
cURL updated to version 7.11.1
Cyrus SASL updated to version 2.1.18
FreeType2 updated to version 2.1.8
LCMS updated to version 1.12
libIDL updated to version 0.8.3
TIFF library updated to 3.6.1
libxml2 updated to version 2.6.9
libxslt updated to version 1.1.6
gdome updated to 0.8.1
XMLSEC updated to version 1.2.5
NetPBM updated to version 10.20
BerkeleyDB updated to version 4.2.52 + patches
OpenLDAP updated to version 2.2.9
OpenSSL 0.9.6 updated to version 0.9.6m
OpenSSL 0.9.7 updated to version 0.9.7d
PCRE updated to version 4.5
ZLIB updated to version 1.2.1
Sablotron updated to 1.0.1
giflib updated to ungif 4.1.0
GD2 updated to 2.0.22
gettext updated to 0.14.1
fontconfig updated to 2.2.2
Added missing include files from freetype 1
Fixed module names and installation location for Pango

The following changes were included with Maintenance Pack 1 in the Supplemental Graphics, Web, and X11 Libraries (previously SLS OSS631B):

added Xerces-C version 2.2.0
added Xalan-C version 1.5.0
added Sablotron version 0.98
added JavaScript version 1.5rc4 (Mozilla SpiderMonkey)
added ICU (International Components for UniCode) version 2.4
added cURL version 7.10.5
GNU gettext updated to version 0.11.5
OpenSSL updated to version 0.9.6j
Berkeley DB updated to version 4.1.25 + patch 1
JASper updated to version 1.700.2
libMNG updated to version 1.0.5
NetPBM updated to version 10.17
GTK+ 2 updated to version 2.2.2
Pango updated to version 1.2.3
ATK updated to version 1.2.4
GLIB 2 updated to version 2.2.2
SLang updated to version 1.4.9
libmm updated to version 1.3.0
libxml2 updated to version 2.5.8
libxslt updated to version 1.0.31
xmlsec updated to the official 1.0.3 version
OpenSLP updated to version 1.0.11
SASL updated to version 2.1.14
lcms updated to version 1.10
pkg-config updated to version 0.15
OpenLDAP updated to version 2.1.22
FreeType2 updated to version 2.1.4
PCRE updated to version 4.3
TIFF updated to version 3.5.7
GDOME updated to version 0.7.4
GD updated to version 2.0.15 (version 1.8.4 provided as well)
dependency errors in several configuration scripts have been fixed
several missing include files now included
all gwxlibs libraries are compiled with -D_REENTRANT for better interoperation with software threads libraries
several missing aclocal M4 packages now included
the library files for the SLang shell (slsh) now included
fixed the zlib gzprintf() CERT vulnerability
fixed a GDK compile error that was preventing shared memory from being used
fixed a compilation error in libmm that was causing multiple shared memory mechanisms to be defined
all libraries compiled with FD_SETSIZE set to the maximum value so that these libraries can work with systems that allow a large number of open file descriptors

Updates to Perl

The following changes are included with Maintenance Pack 3 in the Perl 5.8.4 component:

additional modules for XML support.

The following changes were included with Maintenance Pack 1 in the Perl 5.8.0 component:

added several XML-related CPAN modules
updated several core modules such as Digest::MD5
fixed re-entrancy problems so Perl interacts better with user-level threads programs
entire suite compiled with FD_SETSIZE set to the maximum value, to work with systems that allow a large number of open file descriptors
now configured to support 64-bit integers and the ``long double'' type for greater numeric precision

Updates to OpenSSH

Maintenance Pack 3 features OpenSSH 3.8p1, which includes the following fixes made by the maintainers of this package:

sshd(8) now supports forced changes of expired passwords via passwd(C) or keyboard-interactive authentication.
ssh(1) now uses untrusted cookies for X11-Forwarding. Some X11 applications might need full access to the X11 server, see ForwardX11Trusted in ssh(1) and xauth(1) for more information.
ssh(1) now supports sending application layer keep-alive messages to the server. See ServerAliveInterval in ssh(1) for more information.
Improved sftp(1) batch file support.
New KerberosGetAFSToken option for sshd(8).
Updated /etc/ssh/moduli file and improved performance for protocol version 2.
Support for host keys in DNS (draft-ietf-secsh-dns-xx.txt). Please see README.dns in the source distribution for details.
Fixed a number of memory leaks.
The experimental "gssapi" support has been replaced with the "gssapi-with-mic" to fix possible MITM attacks. The two versions are not compatible.

NOTE: When using ssh(1), the contents of the /etc/motd file are displayed twice at login. To prevent this from occurring, edit the /etc/ssh/sshd_config and change the #PrintMotd yes entry to remove the comment symbol (#) so that it reads as follows:

   PrintMotd No

The /etc/ssh/sshd_config.default file installed with MP3 includes this corrected entry; if you have not customized sshd_config, you can simply copy this file to overwrite the old version.

Updates to the Apache Web Server

The following changes are included with Maintenance Pack 3 in the Apache Web Server component:

Apache Web Server updated to version 1.3.31
PHP updated to version 4.3.5
mod_ssl updated to version 2.8.16
AxKit updated to version 1.6.2

The following changes were included with Maintenance Pack 1 in the Apache Web Server component:

entire suite has been compiled with FD_SETSIZE set to the maximum value to work with systems that allow a large number of open file descriptors. (This allows more than 256 Apache servers to run simultaneously.)

Updates to MMDF

The following sections detail various updates and fixes made to MMDF.

Security fixes

Various buffer overflows, null dereferences, and core dumps that affect all MMDF binaries have been corrected. All but one of the MMDF binaries that were setuid root are no longer (they have been improved to make this unnecessary), reducing the potential for further exploitation. The local channel delivery program is still setuid root because it must deliver mail into users' mailboxes and run processes with users' UIDs.

Improvements to mmdftailor(F)

Three new MMDF general configuration parameters can be set in /usr/mmdf/mmdftailor: ORPHANAGE, DEADLETTER, and TAGCHARS. See mmdftailor(F) for more information.

Improvements to submit(ADM)

Several changes have been made to submit(ADM):

Messages can now be submitted with a null return address in protocol mode. Formerly, a null address for either the return address or a recipient address resulted in the silent termination of address-list processing. Address-list parsing is now terminated only by a !, as per the submit specification.
Messages with a null return address that bounce are discarded instead of being sent to the orphanage.
When messages are submitted with the do-not-return (q) option, a return address is no longer passed to remote hosts, preventing bounce messages from being generated.
relay authorization now correctly interprets aliases that point offsite, include the addresses of users who have a .forward file that points offsite, as still being local addresses.
There is now a "magic" address (@@) which is like any other bad address except that if it occurs in a .forward file or alias no complaint to supportaddr is issued. This can be used to prevent mail from being accepted for certain users, similar to aliasing such users to a nonexistent address but without the notification that is generated every time a true bad address is referenced. An alias to @@ can itself be used in aliases without generating warning mail, so that an alias like this can be set up:
```
   @@: nosuchuser
```
Then the less cryptic address nosuchuser can be used in aliases and .forward files.
Formerly, if -t ("trust me") was given to submit but the user was not a trusted user, a Source-Info line was added. Now in that case a Source-Info line is added only if the user is not who they claim to be in the most authoritative From/Sender field. For the purpose of this test, a plain Sender is taken to be more authoritative than a plain From. If a Resent-, Remailed-, or Redistributed- version of either a From or Sender field is given, it is taken to be more authoritative than the plain version of either. All such Re* headers are taken to be equally authoritative, and the last one seen in the header (the one furthest down in the header) is taken to be most authoritative. To determine if the user is who they claim to be, the local-address part of the most authoritative sender is looked up in the password file to map it to a UID, and that UID is compared to the invoking UID. If the UIDs match and the hostname part of the address is a name for the local system, the user is who they claim to be.
A new parameter, S, indicates to use a Sender: field instead of a Source-Info: field, and also causes conflicting Sender: fields in the submitted header to be elided.
Both lower and upper case characters are now used in queue file names and message-IDs. This allows up to 2704 messages to be queued by a single instance of submit. submit will refuse to accept further messages after that point. submit previously would use only lower case letters, and would use non-ASCII characters after those ran out.

Improvements to the local delivery channel: maildelivery(F)

The following changes have been made to maildelivery(F):

Messages piped into processes via pipe aliases or the "Pipe" action in a user's .maildelivery file are now prefixed with a "From" header. This is important for various mail-processing applications, like procmail, elm's filter, and mailman. Any workarounds (like preline) that add a pseudo-"From " line should be removed.
Variables (like $(address), $(sender), and $(reply-to)) used in .maildelivery Pipe actions that expand to nothing are now replaced with an empty argument instead of being elided.

Improvements to the smtp channel

The following changes have been made to the smtp channel and are documented in the newly added smtp(ADM) and smtpd(ADM) manual pages:

Interpretation of SMTP response codes is now compliant with RFC1123. All 5xx codes are taken to be indications of permanent failure. Failure codes in the initial greeting message and in the response to a HELO are recognized.
The port number given for smtp in /etc/services will be used. The default is 25.
Two new timing parameters control the behavior of the smtp channel when connecting to a remote SMTP server to deliver an outbound message:
- open_timeout
- 220_timeout
See the smtp(ADM) manual page for more information.
Per RFC2505, the SMTP channel can be configured to reject messages with a return address (envelope sender) that contains a domain name that does not resolve in a manner that would allow mail to be sent to it, meaning that the message could not be bounced if necessary. This is done with the vrfy_sender_domain confstr parameter.
A colon-separated list of hostnames/addresses that should be treated as though they do not actually exist can be given with the no_such_domain_hosts confstr parameter. This is used in conjunction with the vrfy_sender_domain parameter. See the new smtpd(ADM) manual page for more information.

Improvements to the badusers channel

The badusers channel is intended to map usernames on the local host to the same usernames on a different host. It intentionally strips the hostname from the recipient address when it does this mapping so that the destination host will treat the recipients as local users. However, it is now common for mail systems to be configured to refuse to accept a recipient address that contains only a user name. If the badusers channel is used to forward mail to a host that is not under the control of the same administrator (for example, a host that is doing virtual mail hosting), this may present a problem. To resolve this, the badusers channel has two new confstr parameters, keepdomain and defdomain. Refer to submit(ADM) for more information.

Improvements to the uucp channel: rmail(ADM)

rmail(ADM) is now executable by group uucp, and not other, to prevent the authority of the UUCP system to inject messages with any sender name from being used by local users. It is possible that some extremely old software expects to be able to use rmail to inject messages locally. If this is the case, change the mode of /usr/bin/rmail to allow others to execute it:

chmod o+x /usr/bin/rmail

Improvements to cleanque(ADM)

cleanque(ADM) no longer sends warnings about messages that were queued with the no-return flag. cleanque also has a new command line option (-t) that displays the actions it would take on queued messages without actually doing anything.

List of problems fixed

SCO OpenServer Release 5.0.7 Maintenance Pack 3 contains the following bug fixes:

fdisk(ADM) no longer writes the partition table with the kernel cached copy when just viewing the table.
fz529555
Fixed a security vulnerability caused by a misconfiguration of the Apache server that allowed remote users to view any publicly readable file.
fz528125/erg712368/CAN-2003-0658/CSSA-2003-SCO.16
A series of vulnerabilities in the SSL/TLS library that could allow DOS attacks were addressed in OpenSSL 0.9.7d.
fz529412/CAN-2004-0079/CAN-2004-0112/CAN-2004-0081
Fixed a problem where the ct utility fialed to display a login prompt after dialback.
fz300580
uucpd(ADMN) now accepts other paths for uucico and now logs login successes/failures via syslog.
fz529101
uucico(ADM) no longer dumps core on large files when using t protocol over satellite connection.
fz527175
When creating a filesystem name longer than 7 characters in divvy(ADM) during install or after install, all the letters after the 7th would appear in the FS TYPE column. This has been fixed.
fz528538
The netconfig "Add new LAN adapter" option no longer displays LAN cards that are already configured.
fz527523/erg712306
Fixed problem where Xsco failed to start properly with non-C locales with certain graphics chips.
fz528991
Support for the X authorization protocols has been added for X sessions that are not started by scologin.
fz520452/erg712002/CAN-2004-0390/SCOSA-2004.5
smtpsrvr de-referenced a null pointer and core dumped in response to certain DNS failures when attempting to resolve the source hostnames. This has been fixed.
fz527610
The shutdown(ADM) utility once again displays times in a meaningful format.
fz529090
mailx(C) would hang if execmail died unexpectedly. This has been fixed.
fz529102
A fix was made to prevent a potential panic in getsockopt().
fz528029
setcontext() now restores the EDX register correctly.
fz528232
A buffer overflow with the Xsco -co option has been fixed.
fz520528/erg712006/CAN-2002-0155/CSSA-2003-SCO.26
uudecode(C) now checks if the specified output is a symlink or pipe.
fz527541/erg712054
A panic lock timeout from vdsendbuf+53 during vdisk repair was fixed.
fz527937/erg712320
Several buffer overflows were fixed in the processing of the font.alias files in Xsco(X).
fz528866/erg712547
A problem where the X server would allow access to any shared memory on the system has been fixed.
fz520242 / erg711972 / CAN-2002-0164 / CSSA-2003-SCO.26
A problem in the SCO Internet Manager (mana) that let local users gain root level privileges was fixed.
fz528244 / erg712420 / CAN-2003-0742 / CSSA-2003-SCO.19
Multiple buffer handling problems were fixed in OpenSSH.
fz528324 / erg712436 / CAN-2003-0693 / CAN-2003-0786 / CAN-2003-0695 / CAN-2003-0682 / CSSA-2003-SCO.24
A number of security issues were fixed in Apache.
fz527514 / erg712258 / fz528422 / erg712464 / fz528484 / erg712486 / fz528487 / erg712489 / fz527929 / erg712354 / CAN-2003-0192 / CAN-2003-0542 / CAN-2002-1396 / CAN-2003-0166 / CAN-2003-0442 / CSSA-2003-SCO.28
Several security issues were fixed in the OpenSSL and zlib components of gwxlibs.
fz528382 / erg712448 / fz527506 / erg712256 / fz527489 / erg712252 / CAN-2003-0543 / CAN-2003-0544 / CAN-2003-0545 / CAN-2003-0131 / CAN-2003-0107 / CSSA-2003-SCO.29
A cross-site scripting vulnerability in the CGI.pm perl module was fixed.
fz528215 / erg712409 / CAN-2003-0615 / CSSA-2003-SCO.30
Various buffer overflows and other security issues were fixed in MMDF.
fz528322 / erg712434 / SCOSA-2004.7
pmwm and mwm(XC) were fixed to allow the key binding for <Ctrl>-<Alt>-<Shift>-1 to be changed or disabled.
fz528631 / erg712515
A system hang was fixed. It was caused by strd looping and trying to allocate memory for message headers when the mblock table was full. fz527661 / erg712281
A number of security issues were fixed in Mozilla.
fz528708 / erg712531 / SCOSA-2004.8
getty(M) now includes a -r option that prevents it from dropping DTR and resetting the termio modes at startup. This was the default behavior in OpenServer 5.0.6 but it was changed in OSR5.0.6a. The -r option can be used to revert to the OpenServer 5.0.6 behavior. Some third-party applications wait for incoming calls, initialize the termio parameters, and then invoke getty to initiate a login session. In this case, to avoid dropping connections when getty is invoked, the -r option should be used by editing both /etc/inittab and the appropriate file under /etc/conf/init.d (for standard serial ports, this would be /etc/conf/init.d/sio) and adding the -r option to the getty lines that should have their behavior modified.
fz527207 / erg712222

Maintenance Pack 1 included the following bug fixes:

A remotely exploitable off-by-one bug was fixed in the wu-ftp FTP sender.
fz528115 / erg712363 / CAN-2003-0466 / CSSA-2003-SCO.20
A problem that prevented kernel builds from succeeding if $ROOT was longer than 60 characters has been fixed.
The licensing system has been corrected so that the brand(ADM) command now recognizes pre-Release 5.0.7 User and CPU licenses. In addition, the Licensing Policy Manager Daemon (sco_pmd) has been fixed so that system restores now correctly restore the SCO System ID. This fix makes the OSS646 supplement obsolete and unnecessary.
fz527794
A panic was corrected in the HTFS filesystem driver. This panic sometimes occurred when mounting an AFS, EAFS, or HTFS filesystem with less than 42Kbytes of free space.
fz527790
A problem on USB keyboards where typed characters sometimes repeated has been fixed. This problem tended to occur on IBM^® Blade servers with a built-in AT-to-USB keyboard adapter.
fz527743
Fixed a null dereferencing problem in MMDF.
fz527660
Changed MMDF format specs so that the date registered in email headers is padded with a leading zero if the message is sent in a single-digit hour (between 1:00 and 9:00). This addresses the problem of some anti-spam applications assigning high spam scores to messages simply because the format of the hour in the date header does not match the applications' good-date-header test, which expects hours to be represented in double-digits.
Fixed a security vulnerability in the sendmail binary that could be exploited by remote users to gain root access.
fz527482/erg712245/CSAA-2003-SCO.6
The chmod(C) command was modified so it does not apply changes to files if permissions are already correct. This modification may significantly improve performance, especially over an NFS mount, of commands like:

chmod -R +r /data
The crontab(C) command has been corrected to always exit with an error status if it fails, or zero (no error) status if it succeeds.
fz300043
Fixed the ps(C) command so the -o pcpu option reports an accurate value.
fz527713
A problem was corrected which caused uudecode(C) to dump core when decoding from standard input.
fz527731
A buffer overflow in the wordwrap() function in releases of PHP previous to version 4.3.0 and later than version 4.1.2 has been fixed. Under certain circumstances, this buffer overflow created a security vulnerability.
fz527514 / erg712258
Fixed a security vulnerability where a TCP/IP socket could become permanently stuck in a SYN_SENT state, thereby making the system vulnerable to a denial-of-service attack.
fz526775 / erg712173 / erg711405
The problem of data transfers not always working if the FTP daemon was configured in /etc/services to run on a non-standard port or if the daemon was invoked with the -P argument has been fixed.
fz527753
The telnetd(ADMN) command now has a -r option to specify which pseudo-terminals (ptys) to use, which is useful in the following situations:
- Restrict telnetd to using ptys in a given range, so that other ptys can be dedicated to other functions.
- Assign a telnetd that is bound to a particular non-standard port a specific pty so that a login on that port will always get the same pty name (as required by some older applications created when hard-wired serial terminals were the norm).
See telnetd(ADMN) for more information.
fz527717 / erg712178
Integer overflow vulnerabilities were corrected in SUNRPC adr_array(), xdrmem_getbytes(), and related functions. Theoretically, these vulnerabilities could be exploited to gain a privilege escalation.
fz525724 / fz526830 / erg501641 / erg712178 / CA-2002-25 / CAN-2002-0391 / CAN-2003-0020
A buffer overflow in BIND that could lead to security vulnerabilities has been fixed.
fz526617 / erg712158 / CSSA-2003-SCO.17 / CAN-2002-1219
Fixed some minor problems in the PPP Connection Wizard interface.
Fixed an SMP problem where PCI interrupt sharing was broken when one or more of the drivers sharing an interrupt was able to handle the interrupt on any processor. Symptoms of this problem included spurious and lost interrupts.
fz526928
Fixed a panic that occurred when booting a system with SMP installed. The panic occurred most commonly in kmem_alloc() while the /etc/sysdump -qi /dev/swap -o /dev/swap command was running in a different process. Typically, this problem was encountered on systems with large swap areas (around 2.5GB) and the usb_ohci driver enabled.
fz527402
Fixed a problem that caused the Mylex/BusLogic blc SCSI HBA driver to fail when booting with SMP installed. The error message produced in this situation was:
```
   WARNING:  apic - no BIOS information found for irq IRQ_NUM
```
Fixed a number of bugs in SCO OpenServer Development System header files and tools.
fz527564 / fz527644 / fz527678
The C Compilation Subsystem (CCS) has been updated to be more strictly gABI compliant. This includes changes to the assemblers, link editors, and startup files to support the special .init_array and .fini_array sections in ELF programs that certain third-party C++ compilers use.
fz527038 / fz527718
Security vulnerabilities were fixed in BIND.
fz528463 / erg712478 / VU#734644
Security vulnerabilities were fixed in OpenSSL.
fz529412 / erg712603 / CAN-2004-0079 / CAN-2004-0112 / CAN-2004-0081
A security issue was fixed in Apache related to mod_digest.
fz528952 / erg712565 / CAN-2003-0987

Maintenance Pack notes and limitations

The following notes and limitations apply to the SCO OpenServer Release 5.0.7 Maintenance Pack 3:

On SCO OpenServer Release 5.0.7 Host systems where networking is only configured for loopback (or network configuration is deferred at installation), the Apache webserver fails to start. (Docview does start and appears to be running.)
There are two workarounds for this problem:
1. Comment out the following lines in /usr/lib/apache/httpd.conf:
```
   LoadModule unique_id_module   libexec/mod_unique_id.so
   AddModule mod_unique_id.c
```
2. Set the hostname to the loopback address in /etc/hosts:
```
   127.0.0.1      yourhostname
```
After installing SCO OpenServer Release 5.0.7 Maintenance Pack 3, you may need to update a few configuration files that are part of the GIMP Toolkit (GTK+) and necessary for operation of Mozilla. Some of the path names in the default configuration have changed, but the upgrade process does not modify these files automatically because you may have customized them for your own purposes.
Each file has a default file in the same directory. For most sites, you can simply copy the new default file to the data file. If you have loaded extra objects into these data directories, you may need to run a special command to produce the correct configuration file. The files affected are:
/etc/pango/pango.modules
To regenerate this file if you have added extra modules, use the command pango-querymodules after the upgrade and redirect the output of that program to this file. If you have not added any Pango modules, simply execute:

cp pango.modules.default pango.modules

/etc/gtk-2.0/gtk.immodules
Regenerate this file using the command gtk-query-immodules-2.0, or copy the default using the command:

cp gtk.immodules.default gtk.immodules

/etc/gtk-2.0/gdk-pixbuf.loaders
Regenerate this file using the command gdk-pixbuf-query-loaders, or copy the default file using the command:

cp gdk-pixbuf.loaders.default gdk-pixbuf.loaders

/etc/pango/pango.aliases
If you have made changes, you may need to examine the new default file to see if there are specific changes you want to merge into your configuration file; otherwise copy the default file using the command:

cp pango.aliases.default pango.aliases

/etc/pango/pangorc
If you have made changes, you may need to examine the new default file to see if there are specific changes you want to merge into your configuration file; otherwise copy the default file using the command:

cp pangorc.default pangorc

/etc/pango/pangox.aliases
If you have made changes, you may need to examine the new default file to see if there are specific changes you want to merge into your configuration file; otherwise copy the default file using the command:

cp pangox.aliases.default pangox.aliases

/usr/lib/php.ini
This file also has an updated default file named /usr/lib/php.ini-dist. If you are not an SCO Update Service customer and you copy the updated file over the existing php.ini file, please note that PHP will fail to load unless you comment out the PostgreSQL module. This can be found on line 552 of the default file:
```
   extension=libpgsql.so
```
To comment out this entry, simply insert a semicolon (;) at the beginning of the line.
Previously, the icons in /usr/lib/apache/icons did not display in Apache because the icon directory and files are symbolic links. This also prevented test scripts located in /usr/lib/apache/cgi-bin from running properly. To correct these problems, the FollowSymLinks option has been added to the /usr/lib/apache/conf/httpd.conf.default file. If no modifications were made to the original file, you can copy the default file to /usr/lib/apache/conf/httpd.conf. If you have customized the httpd.conf file, you must incorporate the change manually, as shown here:
```
   <Directory "/usr/lib/apache/icons">
      Options Indexes FollowSymLinks MultiViews
      AllowOverride None
      Order allow,deny
      Allow from all
   </Directory>
```
```
   <Directory "/usr/lib/apache/cgi-bin">
      AllowOverride None
      Options FollowSymLinks
      Order allow,deny
      Allow from all
   </Directory>
```
You will not be able to use the SCO Update feature in the Software Manager if you are behind a firewall that prevents incoming FTP connections (i.e., the use of passive FTP is required). If you try to connect to the SCO Update server in this situation, the Software Manager displays the following timeout message after a few minutes:
```
   Unable to initialize device
```
A fix for this problem will be made available in a future supplement or release.
If you did not install MP1 and you completed a backup of your system prior to installing Maintenance Pack 3 or the SCO OpenServer Release 5.0.7 Licensing Update (SLS OSS656B), you should refresh the backup after you complete the installation of Maintenance Pack 3.
If you need to restore a system using a backup that was created prior to the installation of Maintenance Packs 1, 3, or OSS656B, the Licensing Policy Manager Daemon (sco_pmd) may not start. If you experience this, log in as root, put the system in single-user mode, and run the following:

brand -B oyrarg

Afterwards, reboot your system; the sco_pmd daemon will now be able to start.
If you encounter a situation where you need to stop the Licensing Policy Manager Daemon (sco_pmd) -- for example, you are migrating a system on the network to new hardware and you start receiving duplicate license violations -- be sure to use the following command for an orderly shutdown:

sco_pmd -s

For more information on sco_pmd, including how to start and stop the daemon, see the sco_pmd(ADM) manual page.

Several tunable parameters for the System V Inter Process Communications (IPC) shared memory and semaphore facilities have been updated. The default settings were raised to values which should accommodate most commercial and open source databases without additional tuning. The maximum values of several parameters were also raised. The changes increase kernel memory usage by approximately 33K.

Installation of this Maintenance Pack raises the default and maximum values of these parameters as follows:

Parameter name Previous default Previous maximum New default New maximum

SEMMAP 10 - 256 -

SEMMNI 10 - 384 -

SEMMNS 60 - 512 -

SEMMNU 30 100 150 8192

SEMMSL 25 - 50 -

SEMOPM - 10 - 1024

SEMUME - 10 - 25

SHMMAX 524288 - 10485760 -

SHMMNI 100 - 200 -

Parameter name	Previous default	Previous maximum	New default	New maximum
SEMMAP	10	-	256	-
SEMMNI	10	-	384	-
SEMMNS	60	-	512	-
SEMMNU	30	100	150	8192
SEMMSL	25	-	50	-
SEMOPM	-	10	-	1024
SEMUME	-	10	-	25
SHMMAX	524288	-	10485760	-
SHMMNI	100	-	200	-

Individual parameters that have already been set higher than these values are not changed.

Footnotes