UnixWare 7.1.4 Maintenance Pack 1
Release Notes

July 2004

Dear SCO Customer,

This CD contains UnixWare 7.1.4 Maintenance Pack 1. This Maintenance Pack contains important fixes to your UnixWare system and should be applied at your next maintenance period.


Contents

  1. Software Notes and Recommendations
  2. Installation Instructions
  3. Removal Instructions
  4. Comprehensive List of Problems Fixed
  5. File Contents
  6. Escalation Fixes in this Maintenance Pack

I. Software Notes and Recommendations

  1. The UnixWare 7.1.4 Maintenance Pack 1 should only be installed on:

    UnixWare 7.1.4
  2. If you are performing an in-place upgrade to UnixWare 7.1.4 from UnixWare 7.1.1, UnixWare 7.1.2 (Open UNIX 8.0.0), or UnixWare 7.1.3, you must reboot the system after upgrading and before installing this maintenance pack.

  3. This maintenance pack consists of several sets and packages. An install.sh script is provided to simplify installation, as described in the Installation Instructions, below. Use of this script is highly recommended.

    The install.sh script installs the following:

  4. Alternatively, with care you can install the packages individually. However, you should note the following:

    1. The uw714mp1 (UnixWare 7.1.4 Maintenance Pack 1) set is required for all systems.

    2. The following packages are required to be updated; that is, you need to install them if you have an earlier version installed on the system.

      • cups (Common Unix Printing System), version 1.1.19-02
      • openssh (Open Secure Shell), version 3.8.1p1
      • samba (SMB based file/printer sharing), version 3.0.4
      • xcontrib (X11R6 Contributed X Clients), version 8.0.2a

    3. The following packages are strongly recommended:

      • nics (Netdriver Infrastructure and Configuration Subsystem), version 8.0.2a
      • openssl (OpenSSL - Secure Sockets Layer / TLS Cryptography Toolkit), version 0.9.7d
      • xserver (X11R6 X Server), version 8.0.2a

    4. The following packages are optional:

      • foomatic (Foomatic Filters and PPDs), version 3.0.0-02
      • hpijs (HP Inkjet Printer Driver), version 1.5-01
      • modjk1 (Additional Modules for Perl), version 2.0.4. Note: By default, the install.sh script does not install this package.
      • openssld (OpenSSL Documentation - Secure Sockets Layer / TLS Cryptography Toolkit), version 0.9.7d
      • uccs (OUDK Optimizing C Compilation System), version 8.0.2a
      • uw7mpdoc (Updated Base System Guides), version 7.1.4a

  5. If you did not install some of the above packages when initially installing UnixWare 7.1.4, and you want to do so now, you can use the install.sh script to install these packages. You do not need to first install the original UnixWare 7.1.4 version. Please refer to the Installation Instructions, below.

  6. uw714mp1 is a set and contains the following packages:

    uw714m1     UnixWare 7.1.4 Maintenance Pack 1 package
    libc        Runtime C Library package, version 8.0.2a
    libthread   Runtime Thread Library package, version 8.0.2a
    pam         Pluggable Authentication Modules, version 0.77

    Installing uw714mp1 will update the libc and libthread runtime libraries as well as installing the uw714m1 and pam packages. The runtime libraries, once installed, are not removable.

  7. After installing UnixWare 7.1.4 Maintenance Pack 1, or on a later pkgadd, you may see this warning message:

    Please reinstall the <uw714m1> package.  Failure to do so may leave
    your system in an inconsistent state.
    

    This means that one or more core packages updated by this maintenance pack were installed after installing the pack, so the uw714m1 package needs to be reinstalled to update your system. To do this, mount the maintenance pack CD and type:

    pkgadd -d /mount_point/images/uw714mp1.image uw714m1
    

    Then reboot your system:

    shutdown -i6 -g0 -y
    
  8. If you are installing UnixWare 7.1.4 Maintenance Pack 1 on a system that was previously upgraded from UnixWare 7.1.1, you may see messages like the following after the installation of the libc, libthread and pam packages:

    collect: Cannot write ./dfhAI1k7rZ007231 (bfcommit, uid=0, gid=3): Permission denied.
    

    These messages can be safely ignored.

  9. This maintenance pack contains security enhancements, including changes to numerous file and directory permissions. To obtain the full advantage of these enhancements on systems that contain the obsolete scohelp package, it is recommended that you remove the scohelp package prior to installing this maintenance pack. The SCOhelp documentation server has been replaced by DocView since UnixWare 7.1.3. If you have upgraded from a prior release, you can check for the existence of the scohelp package on your system with the command:

    pkginfo scohelp
    

    To remove the package, type the following command as root:

    /etc/scohelphttp stop
    

    Followed by:

    pkgrm scohelp
    
  10. This version of the maintenance pack supersedes the following supplements, which may have been withdrawn from the download site:

  11. For a list of issues that this Maintenance Pack addresses, please see the Comprehensive List of Problems Fixed, below.

  12. If you have questions regarding this supplement, or the product on which it is installed, please contact your software supplier or support representative.


II. Installation Instructions

  1. Log in as root.

  2. If you are installing the maintenance pack from CD, insert the maintenance pack CD into the primary CD drive and type:

    mount /dev/cdrom/cdrom1 /install
    

    If you are installing this maintenance pack from the web or ftp site, download the uw714mp1.iso file to your server. In the directory where you downloaded the uw714mp1.iso file, type:

    mount `marry -a uw714mp1.iso` /install
    
  3. Change directory to /install:

    cd /install
    
  4. To install the required uw714mp1 set and update the supplemental packages on your system with the newer UnixWare 7.1.4 Maintenance Pack 1 versions, type:

    ./install.sh
    

    or

    ./install.sh -v
    

    The optional -v flag provides more status information during the installation.

    Note that the modjk1 package is not installed by default; you will need to install this package separately if you require it.

    If you instead want to individually install packages, run the following command:

    ./install.sh [packages]
    

    where packages is one or more of the following:

    cups        required
    openssh     required
    samba       required
    xcontrib    required
    nics        strongly recommended
    openssl     strongly recommended
    xserver     strongly recommended
    foomatic    optional
    hpijs       optional
    modjk1      optional
    openssld    optional
    uccs        optional
    uw7mpdoc    optional

  5. After all desired packages are installed, reboot the system by typing:

    shutdown -i6 -g0 -y
    

III. Removal Instructions

  1. Log in as root.

  2. To remove the maintenance pack set (except for its library packages, which are not removable), type:

    pkgrm uw714mp1
    

    Note that removal of the uw714mp1 set is not recommended.

  3. To remove the supplemental packages for this maintenance pack (i.e., the packages listed in Software Notes and Recommendations, except for the uw714mp1 set) and restore your system to its prior state:

    1. Remove the supplemental package. Note that you may first need to remove any packages that depend on the supplemental package.

    2. Reinstall the UnixWare 7.1.4 media kit version of the supplemental package.

    3. Reinstall any other packages that you removed in step 1, above, that depend on the supplemental package you restored in step 2.

    To avoid having to perform all these steps, we recommend that the supplemental packages, once installed, should not be removed.

  4. After all the packages are removed, reboot the system by typing:

    	shutdown -i6 -g0 -y
    

IV. Comprehensive List of Problems Fixed

  1. The UnixWare 7.1.4 Maintenance Pack 1 set, uw714mp1, contains the following fixes:

    Feature and usability enhancements:

    1. The following UnixWare 7.1.4 functionality is now provided:

      • Pluggable authentication modules (PAM) support
      • Encrypted file system support

      These features are described in the online documentation that is provided with the uw7mpdoc package that accompanies this maintenance pack. See the "New Features and Notes" section of the online documentation.
      fz528611 fz529097

    2. Intel microcode updates.
      erg712621/ptf9050/fz529619

    3. kcrash macros updates.
      fz529663

    4. Additional source files for DBA usage with MySQL provided by the SCOx enablement package. Modified Makefile, eelsdba_mysql.c, initdb.mysql and README are provided for use with latest MySQL Package.
      fz529851

    5. Enabled large file support in compress.
      fz529876

    Security improvements:

    1. SECURITY: Some files and directories were created incorrectly allowing write permission to arbitrary users. Some system daemons were running with a file creation mask (umask) set to 0.
      fz528862

    2. SECURITY: Security vulnerability issues in TCP are fixed according to this IETF draft: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt.
      erg712598/fz529384

    3. SECURITY: Two new inconfig tunables have been introduced to address the TCP Rose Attack:

      • ip_maxfragpackets: This is the maximum number of fragmented packets that IP will accept. The default is 800.
      • ip_maxfragsperpacket: This is the maximum number of fragments per packet that IP will accept. The default is 16.

      erg712605/fz529414
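
The permission problem in security item 1 (fz528862) can be reproduced and audited in a scratch directory. The following is an added example, not part of the original release notes or of SCO's tooling; the function names and the temporary paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: how a daemon umask of 0 produces world-writable files,
# and how to audit a tree for them. Everything happens in a temporary
# directory created by mktemp; no system file is touched.

# create_as_daemon UMASK DIR NAME
# Simulates a daemon that creates a file and a directory in the usual way
# (requested modes 0666 and 0777) while running under the given umask.
create_as_daemon() {
    (
        umask "$1"
        : > "$2/$3.log"
        mkdir "$2/$3.d"
    )
}

# audit_world_writable DIR
# Lists regular files below DIR that are world-writable, and directories
# that are world-writable without the sticky bit (a sticky directory such
# as /tmp is writable by design and is not reported).
audit_world_writable() {
    find "$1" \( -type f -perm -0002 \) -o \
              \( -type d -perm -0002 ! -perm -1000 \) | LC_ALL=C sort
}

# remediate DIR
# Strips the "other" write bit from every path the audit reports.
remediate() {
    audit_world_writable "$1" | while IFS= read -r path; do
        chmod o-w "$path"
    done
}

# demo: constructed scenario with one daemon at umask 0 and one at umask 022.
demo() {
    tmp=$(mktemp -d) || return 1
    create_as_daemon 000 "$tmp" bad     # yields modes 0666 and 0777
    create_as_daemon 022 "$tmp" good    # yields modes 0644 and 0755
    mkdir "$tmp/spool" && chmod 1777 "$tmp/spool"   # sticky, like /tmp

    echo "Before remediation:"
    audit_world_writable "$tmp" | sed "s|^$tmp/|  |"

    remediate "$tmp"
    echo "Findings after remediation: $(audit_world_writable "$tmp" | wc -l)"
    rm -rf "$tmp"
}

demo
```

Only the paths created under umask 0 are reported; the umask 022 paths and the sticky spool directory are not.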

    Reliability improvements:

    1. Fixed panic on errant umem_free() in [g|s]etgroups_sco.
      fz528775

    2. Fixed a memory corruption bug caused by not stopping netbios when the system was brought to init state 1.
      ptf9050b/fz529565

    3. Fixed process hangs due to race between exiting children and SIGCLD processing in the parent.
      erg712596/fz529361

    Networking improvements:

    1. Changed use of types u_[short,int,long] to u[short,int,long]_t in <netinet/tcp.h> since the former are not always defined.
      fz529581

    2. The SHUT_RD, SHUT_WR, and SHUT_RDWR macros in <sys/socket.h> are defined only when at least one XOPEN-ish feature test macro is defined. This is counter to our "everything visible by default" model for headers.

      The TOG SUS says that SHUT_* macros can be defined in general, so there's no reason not to define these with no conditional inclusion coverage.
      fz529698

    3. Under some circumstances, ppp can go into an infinite loop of read calls in the libnsl ics_read_data() routine.
      erg712620/fz529611

    Installation tools improvements:

    1. By the time pkgadd executes the preinstall script of a package, it has already updated the contents file with the information from the package's pkgmap file. Hence if the preinstall script is terminated for some reason, the contents file is left in a bad state - the files are not installed on the system but they are present in the contents file. This has been fixed so that the contents file is not updated until the files are installed.
      fz519105

    2. Fixed a problem where pkginstall, pkgremove and installf can destroy the software contents file if it is already locked by another process.
      fz198541

    Licensing improvements:

    1. The license policy daemon ignores custom licenses from earlier releases. For example, if your system license had previously included extra users, not separately licensed but included in your original, those users would be ignored. This has been fixed.
      ptf9050a/fz529560

    Runtime C Library (libc) fixes:

    1. Bad parsing of some special strings in string-to-floating code. (provided in libc version 8.0.2a)
      fz529765

    Runtime Thread Library (libthread) fixes:

    1. Oracle may hang while starting by going into an infinite loop in libthread's thr_keycreate(). (provided in libthread version 8.0.2a)
      erg712658/fz529884

  2. Additional bug fixes and enhancements are provided with the supplemental packages that are distributed with UnixWare 7.1.4 Maintenance Pack 1, as described below.

    Documentation:

    1. The Updated Base System Guides (uw7mpdoc) package, version 7.1.4a, provides documentation for the PAM, encrypted file system, modjk1, and Samba features delivered with uw714mp1 and its supplemental packages.

    PAM:

    1. The following supplemental packages have been updated to enable support for PAM. They can only be installed if the pam package (contained in uw714mp1 set) is installed:

      • The Common Unix Printing System (cups) package, version 1.1.19-02
      • The Open Secure Shell (openssh) package, version 3.8.1p1
      • The SMB based file/printer sharing (samba) package, version 3.0.4
      • The X11R6 Contributed X Clients (xcontrib) package, version 8.0.2a

    The Open Secure Shell (openssh) package, version 3.8.1p1, contains these fixes:

    1. OpenSSH has been updated to version 3.8.1p1 to enable PAM.
      fz528611

    2. SECURITY: OpenSSH only gives significance to the first 8 characters of a password. This was fixed by enabling PAM in OpenSSH 3.8.1p1.
      erg712648/fz529827

    The SMB based file/printer sharing (samba) package, version 3.0.4, contains these fixes:

    1. Samba has been updated from version 3.0.0 to 3.0.4 to enable PAM and to provide multibyte support.
      fz529665

    2. Swat server status page shows smbd "not running" even when it is.
      fz528969

    The Netdriver Infrastructure and Configuration Subsystem (nics) package, version 8.0.2a, contains these fixes:

    1. A time delay of 1 sec in dlpiclose() was causing some applications, e.g. getmany (accessing mib-2 table) to consume large amounts of CPU time. This time-delay ensured that all in-transit packets were processed before closing the SAP.

      This delay is removed and the code reworked to use message based synchronization during closedown.

      dlpiclose() now constructs a M_CTL packet containing a message of type dl_ctlmsg_t. This message contains DLPI primitive set as DL_CLOSESAP and a pointer to the SAP structure.

      This message is enqueued at the DLPI lower read queue so that dlpilrsrv will handle it. It then goes to sleep. When dlpilrsrv receives this message, it is assured that all messages before it have been sent upstream, i.e. there are no in-transit packets. dlpilrsrv signals dlpiclose to close the SAP.
      erg712282/fz526486

    The OpenSSL - Secure Sockets Layer / TLS Cryptography Toolkit (openssl) and OpenSSL Documentation (openssld) packages, version 0.9.7d, contain these fixes:

    1. SECURITY: OpenSSL (openssl) has been updated to version 0.9.7d to fix security issues with earlier versions.
      erg712602/fz529411

    2. The OpenSSL Documentation - Secure Sockets Layer / TLS Cryptography Toolkit (openssld) package, version 0.9.7d, provides the updated documentation for the openssl version 0.9.7d package.

    The X11R6 X Server (xserver) package, version 8.0.2a, contains these fixes:

    1. SECURITY: Some files and directories were created incorrectly allowing write permission to arbitrary users. Some system daemons were running with a file creation mask (umask) set to 0.
      fz528862


    The Foomatic Filters and PPDs (foomatic) package, version 3.0.0-02, and the HP Inkjet Printer Driver (hpijs) package, version 1.5-01, contain this fix:

    1. Fixed obscure corruption of a few data files.
      fz529615

    The Additional Modules for Perl (modjk1) package, version 2.0.4, contains this fix:

    1. Provides the modjk connector for Apache 1 and Tomcat. Apache 2 users do not need this package.

      Note: This package is not installed by default.

      Customers requiring this functionality should install the modjk1 package from the UnixWare 7.1.4 Maintenance Pack CD by running:

      cd mount_point
      ./install.sh modjk1
      

      This package will not conflict with modjk for Apache 2 & Tomcat as the library is installed in a different location.
      fz529629

    The OUDK Optimizing C Compilation System (uccs) package, version 8.0.2a, contains these fixes:

    1. With the introduction of NSS, SCO has changed some existing APIs and added some new APIs to support NSS. Customers building binaries that use these APIs will find that their compile will fail with undefined symbol references similar to the following:

      	Undefined                       first referenced
      	symbol                              in file
      	getspnam_r                          libperl.so
      	getpwent_r                          libperl.so
      	getgrent_r                          libperl.so
      

      Note: This problem is only seen in systems upgraded from earlier UnixWare releases to UnixWare 7.1.4.

    2. C compiler bug fixed. In -Xt mode, the compiler may incorrectly attempt to combine two typedef's that are not numeric types.
      erg712635/fz529721

    3. Make command bug fixed. $(XD:str=rep) broken, where X is any of the @*<%? special characters.
      erg712665/fz529930



V. File Contents

The following files are updated or installed by the uw714m1 package:


	/etc/conf/pack.d/inet/Driver_atup.o
	/etc/conf/pack.d/inet/Driver_mp.o
	/etc/conf/pack.d/inet/space.c
	/etc/conf/pack.d/nb/Driver_atup.o
	/etc/conf/pack.d/nb/Driver_mp.o
	/etc/conf/pack.d/nbclts/Driver_atup.o
	/etc/conf/pack.d/nbclts/Driver_mp.o
	/etc/conf/pack.d/nbcots/Driver_atup.o
	/etc/conf/pack.d/nbcots/Driver_mp.o
	/etc/conf/pack.d/proc/Driver_atup.o
	/etc/conf/pack.d/proc/Driver_mp.o
	/etc/conf/pack.d/svc/Driver_atup.o
	/etc/conf/pack.d/svc/Driver_mp.o
	/etc/crash
	/etc/dcopy
	/etc/dinit.d/S80lp
	/etc/docview
	/etc/eels/src/eelsdba/Makefile-scox
	/etc/eels/src/eelsdba/README
	/etc/eels/src/eelsdba/eelsdba_mysql_scox.c
	/etc/eels/src/eelsdba/initdb.mysql-scox
	/etc/ff
	/etc/fsck
	/etc/imapd
	/etc/init.d/eelsrc
	/etc/init.d/license
	/etc/init.d/lp
	/etc/init.d/snmp
	/etc/init.d/z35SysInfo
	/etc/mail/slocal
	/etc/mkfs
	/etc/mount
	/etc/ncheck
	/etc/p6updata
	/etc/pam.d/dtlogin.build
	/etc/pam.d/dtsession.build
	/etc/pam.d/ftp.build
	/etc/pam.d/login.build
	/etc/pam.d/mail.build
	/etc/pam.d/passwd.build
	/etc/pam.d/rexec.build
	/etc/pam.d/rlogin.build
	/etc/pam.d/rsh.build
	/etc/pam.d/su.build
	/etc/pam.d/telnet.build
	/etc/popper
	/etc/rc0.d/K20lp
	/etc/rc0.d/K70eels
	/etc/rc1.d/K20lp
	/etc/rc1.d/K67snmp
	/etc/rc1.d/R10license
	/etc/rc1.d/S70eels
	/etc/rc2.d/S70eels
	/etc/rc2.d/S73snmp
	/etc/rc2.d/S95docview
	/etc/scsi/pdi_hot
	/etc/scsi/pdimkdev
	/etc/scsi/pdimkdtab
	/etc/scsi/sdighost
	/etc/scsi/sdipath
	/etc/volcopy
	/sbin/devnm
	/sbin/df
	/sbin/fsck
	/sbin/fsdb
	/sbin/mkfs
	/sbin/mount
	/sbin/putdev
	/sbin/sdimkdev
	/sbin/sdipath
	/sbin/su
	/usr/bin/compress
	/usr/bin/ddbconv
	/usr/bin/devattr
	/usr/bin/devfree
	/usr/bin/devreserv
	/usr/bin/df
	/usr/bin/getdev
	/usr/bin/getdgrp
	/usr/bin/getvol
	/usr/bin/login
	/usr/bin/mailcheck
	/usr/bin/mailx
	/usr/bin/passwd
	/usr/bin/pkginfo
	/usr/bin/pkglist
	/usr/bin/pkgmk
	/usr/bin/pkgparam
	/usr/bin/pkgtrans
	/usr/bin/putdev
	/usr/bin/su
	/usr/bin/uncompress
	/usr/bin/zcat
	/usr/dt/bin/dtfile
	/usr/dt/bin/dtsession
	/usr/dt/lib/libpam.so.1
	/usr/include/netinet/ip_var.h
	/usr/include/netinet/tcp.h
	/usr/include/netmgt/snmp.h
	/usr/include/sys/socket.h
	/usr/lib/crash/libkcrash.so
	/usr/lib/crash/macros/buf.k
	/usr/lib/crash/macros/e1008g.k
	/usr/lib/crash/macros/eeE8.k
	/usr/lib/crash/macros/file.k
	/usr/lib/crash/macros/info.k
	/usr/lib/crash/macros/inode.k
	/usr/lib/crash/macros/ipc.k
	/usr/lib/crash/macros/loadmacs
	/usr/lib/crash/macros/net.k
	/usr/lib/crash/macros/page.k
	/usr/lib/crash/macros/pm.k
	/usr/lib/crash/macros/proc.k
	/usr/lib/crash/macros/sertty.k
	/usr/lib/crash/macros/stack.k
	/usr/lib/crash/macros/stat.k
	/usr/lib/crash/macros/stream.k
	/usr/lib/crash/macros/trace.k
	/usr/lib/crash/macros/ufs.k
	/usr/lib/crash/macros/vm.k
	/usr/lib/crash/macros/vnode.k
	/usr/lib/crash/macros/vxfs.k
	/usr/lib/iaf/in.login/scheme
	/usr/lib/iaf/login/scheme
	/usr/lib/libadm.a
	/usr/lib/libnsl.so
	/usr/lib/libnsl.so.1
	/usr/lib/libxti.so
	/usr/lib/scoadmin/filesystem/filesystemOsa
	/usr/sadm/install/bin/pkginstall
	/usr/sadm/install/bin/pkgremove
	/usr/sadm/sysadm/bin/mkdtab
	/usr/sbin/crash
	/usr/sbin/cs
	/usr/sbin/dcopy
	/usr/sbin/df
	/usr/sbin/disksetup
	/usr/sbin/edquota
	/usr/sbin/fdisk
	/usr/sbin/ff
	/usr/sbin/fsck
	/usr/sbin/hostmibd
	/usr/sbin/in.ftpd
	/usr/sbin/in.inetinst
	/usr/sbin/in.rexecd
	/usr/sbin/in.rshd
	/usr/sbin/in.snmpd
	/usr/sbin/installf
	/usr/sbin/labelit
	/usr/sbin/mkfs
	/usr/sbin/mount
	/usr/sbin/ncheck
	/usr/sbin/partsize
	/usr/sbin/pkgadd
	/usr/sbin/pkgask
	/usr/sbin/pkgcat
	/usr/sbin/pkgchk
	/usr/sbin/pkgcopy
	/usr/sbin/pkginstall
	/usr/sbin/pkgrm
	/usr/sbin/prtconf
	/usr/sbin/quot
	/usr/sbin/quota
	/usr/sbin/quotacheck
	/usr/sbin/quotaoff
	/usr/sbin/quotaon
	/usr/sbin/removef
	/usr/sbin/repquota
	/usr/sbin/sco_pmd
	/usr/sbin/switchout
	/usr/sbin/volcopy

VI. Escalation Fixes in this Maintenance Pack

These are the Escalation tracking numbers for the fixes included in this maintenance pack:

	erg712596/fz529361		erg712598/fz529384
	erg712605/fz529414		erg712620/fz529611
	erg712621/ptf9050/fz529619	erg712635/fz529721
	erg712658/fz529884

	ptf9050a/fz529560
	ptf9050b/fz529565

	fz198541	fz519105	fz528611	fz528775
	fz529097	fz529581	fz529663	fz529698
	fz529765	fz529851	fz528862	fz529876

	erg712282/fz526486 (fix provided in the nics package)
	erg712602/fz529411 (fix provided in the openssl package)
	erg712635/fz529721 (fix provided in the uccs package)
	erg712648/fz529827 (fix provided in the openssh package)
	erg712665/fz529930 (fix provided in the uccs package)

	fz528862 (fix provided in the xserver package)
	fz528969 (fix provided in the samba package)
	fz529615 (fix provided in the foomatic and hpijs packages)
	fz529629 (fix provided in the modjk1 package)
	fz529665 (fix provided in the samba package)

© Copyright 2004 The SCO