UnixWare 7.1.4+ Installation and Update Guide

SCO UnixWare 7.1.4+ includes all maintenance posted to the web since Maintenance Pack 4 plus additional maintenance as documented in Section 9.5

SCO UnixWare 7.1.4+ Virtualization Extensions

SCO UnixWare 7.1.4+ is the first release of SCO UnixWare 7.1.4 optimized to run in a VMware Virtual Machine environment. It ships with a package of Virtualization Extensions that facilitate the delivery of the product as a Virtual Appliance. This package provides support for:

VMware Tools

SCO UnixWare 7.1.4+ ships with the April 2011 release of the Open Virtual Machines Tools (open-vm-tools) package. This package adds tools to improve integration between SCO UnixWare 7.1.4+ and the host VMware system.

§9: Problems Fixed in each Update

1. Problems Fixed in Maintenance Pack 1
2. Problems Fixed in Maintenance Pack 2
3. Problems Fixed in Maintenance Pack 3
4. Problems Fixed in Maintenance Pack 4
5. Problems Fixed in Update 714+

§9.1: Problems Fixed in Maintenance Pack 1:

  The UnixWare 7.1.4 Maintenance Pack 1 set (uw714mp1) contains the
  following fixes. These fixes are also included in the UnixWare 7.1.4+
  Update set (uw714plus).

  o uw714m1 package fixes:

    Feature and usability enhancements:

     1. The following UnixWare 7.1.4 functionality is now provided:

        o Pluggable authentication modules (PAM) support
        o Encrypted file system support

        These features are described in the online documentation that is
        provided with the uw7mpdoc package that accompanies this maintenance
        pack. See the "New Features and Notes" section of the online
        documentation.
        fz528611 fz529097

     2. Intel microcode updates.
        erg712621/ptf9050/fz529619

     3. kcrash macros updates.
        fz529663

     4. Additional source files for DBA usage with MySQL provided with the
        SCOx enablement package. Modified Makefile, eelsdba_mysql.c,
        initdb.mysql and README are provided for use with latest MySQL
        package.
        fz529851

     5. Enabled large file support in compress.
        fz529876

    Security improvements:

     6. SECURITY: Some files and directories were created incorrectly
        allowing write permission to arbitrary users. Some system daemons
        were running with a file creation mask (umask) set to 0.
        fz528862

     7. SECURITY: Security vulnerability issues in TCP are fixed according
        to this IETF draft:
        http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt
        erg712598/fz529384

     8. SECURITY: Two new inconfig tunables have been introduced to address
        the TCP Rose Attack:

        o ip_maxfragpackets:
          This is the maximum number of fragmented packets that IP will
          accept.  The default is 800.

        o ip_maxfragsperpacket:
          This is the maximum number of fragments per packet that IP will
          accept. The default is 16.

        erg712605/fz529414 SCOSA-2005.14

    Reliability improvements:

     9. Fixed kernel panic on errant umem_free() in [g|s]etgroups_sco.
        fz528775

    10. Fixed a memory corruption bug caused by not stopping netbios when
        the system was brought to init state 1.
        ptf9050b/fz529565

    11. Fixed process hangs due to race between exiting children and SIGCLD
        processing in the parent.
        erg712596/fz529361

    Networking improvements:

    12. Changed use of types u_[short,int,long] to u[short,int,long]_t in
        <netinet/tcp.h> since the former are not always defined.
        fz529581

    13. The SHUT_RD, SHUT_WR, and SHUT_RDRW macros in <sys/socket.h> are
        defined only when at least one XOPEN-ish feature test macro is
        defined. This is counter to our "everything visible by default"
        model for headers.

        The TOG SUS says that SHUT_* macros can be defined in general, so
        there's no reason not to define these with no conditional inclusion
        coverage.
        fz529698

    14. Under some circumstances, ppp could go into an infinite loop of read
        calls in the libnsl ics_read_data() routine.
        erg712620/fz529611

    Installation tools improvements:

    15. By the time pkgadd executes the preinstall script of a package, it
        has already updated the contents file with the information from the
        package's pkgmap file. Hence if the preinstall script is terminated
        for some reason, the contents file is left in a bad state - the
        files are not installed on the system but they are present in the
        contents file. This has been fixed so that the contents file is not
        updated until the files are installed.
        fz519105

    16. Fixed a problem where pkginstall, pkgremove and installf can destroy
        the software contents file if it is already locked by another
        process.
        fz198541

    Licensing improvements:

    17. The license policy daemon ignores custom licenses from earlier
        releases. For example, if your system license had previously
        included extra users, not separately licensed but included in your
        original, those users would be ignored. This has been fixed.
        ptf9050a/fz529560

  o Runtime C Library (libc) version 8.0.2a fixes:

    18. Bad parsing of some special strings in string-to-floating code.
        fz529765

  o Runtime Thread Library (libthread) version 8.0.2a fixes:

    19. Oracle may hang while starting by going into an infinite loop in
        libthread's thr_keycreate().
        erg712658/fz529884

  Additional bug fixes and enhancements were provided with the supplemental
  packages that were distributed with UnixWare 7.1.4 Maintenance Pack 1.
  These fixes are also included in the supplemental packages provided with
  UnixWare 7.1.4 Maintenance Pack 4.

  o Documentation:

     1. The Updated Base System Guides (uw7mpdoc) package, version
        7.1.4a, provides documentation for the PAM, encrypted file system,
        modjk1, and Samba features delivered with uw714mp1 and its
        supplemental packages.

  o PAM:

     2. The following supplemental packages have been updated to enable
        support for PAM. They can only be installed if the pam package
        (contained in uw714mp4 set) is installed:

        cups     - Common Unix Printing System, version 1.1.19-02
        openssh  - Open Secure Shell, version 3.8.1p1
        samba    - SMB based file/printer sharing, version 3.0.4
        xcontrib - X11R6 Contributed X Clients, version 8.0.2a

  o The Foomatic Filters and PPDs (foomatic) package, version 3.0.0-02,
    and the HP Inkjet Printer Driver (hpijs) package, version 1.5-01,
    contain this fix:

     3. Fixed obscure corruption of a few data files.
        fz529615

  o The Netdriver Infrastructure and Configuration Subsystem (nics)
    package, version 8.0.2a, contains this fix:

     4. A time delay of 1 sec in dlpiclose() was causing some applications,
        e.g. getmany (accessing mib-2 table) to consume large amounts of CPU
        time. This time delay ensured that all in-transit packets were
        processed before closing the SAP.

        This delay is removed and the code reworked to use message based
        synchronization during closedown.

        dlpiclose() now constructs a M_CTL packet containing a message of
        type dl_ctlmsg_t. This message contains DLPI primitive set as
        DL_CLOSESAP and a pointer to the SAP structure.

        This message is queued at the DLPI lower read queue so that
        dlpilrsrv will handle it. It then goes to sleep. When dlpilrsrv
        receives this message, it is assured that all messages before it
        have been sent upstream, i.e., there are no in-transit packets.
        dlpilrsrv signals dlpiclose to close the SAP.

        erg712282/fz526486

  o The Open Secure Shell (openssh) package, version 3.8.1p1, contains
    these fixes:

     5. OpenSSH has been updated from version 3.7.1p2 to 3.8.1p1 and
        support for PAM has been enabled.

        Please see the openssh website for the list of changes.
        http://www.openssh.com/

        fz528611

     6. SECURITY: OpenSSH only gives significance to the first 8
        characters of a password.
        erg712648/fz529827 SCOSA-2005.19

  o The OpenSSL - Secure Sockets Layer / TLS Cryptography Toolkit
    (openssl) package, version 0.9.7d, contains this fix:

     7. SECURITY: OpenSSL has been updated from version 0.9.7c to 0.9.7d to
        fix several security issues with the earlier version.

        Please see the openssl website for the list of changes.
        http://www.openssl.org/

        erg712602/fz529411 SCOS-2005.7

  o The OpenSSL Documentation (openssld) package, version 0.9.7d, provides
    the updated documentation for the openssl package version 0.9.7d.

  o The SMB based file/printer sharing (samba) package, version 3.0.4,
    contains these fixes:

     8. Samba has been updated from version 3.0.0 to 3.0.4 to enable PAM
        and to provide multibyte support.

        Please see the samba website for the list of changes.
        http://www.samba.org/samba/

        fz529665

     9. Swat server status page shows smbd "not running" even when it is.
        fz528969

  o The OUDK Optimizing C Compilation System (uccs) package, version
    8.0.2a, contains these fixes:

    10. With the introduction of NSS, SCO has changed some existing APIs
        and added some new APIs to support NSS. Customers building binaries
        that use these APIs will find that their compile will fail with
        undefined symbol references similar to the following:

            Undefined                       first referenced
            symbol                          in file
            getspnam_r                      libperl.so
            getpwent_r                      libperl.so
            getgrent_r                      libperl.so

        Note:
        This problem is only seen in systems upgraded from earlier UnixWare
        releases to UnixWare 7.1.4.

    11. C compiler bug fixed. In -Xt mode, the compiler may incorrectly
        attempt to combine two typedef's that are not numeric types.
        erg712635/fz529721

    12. Make command bug fixed. $(XD:str=rep) broken, where X is any of
        the @*<%? special characters.
        erg712665/fz529930

  o The X11R6 X Server (xserver) package, version 8.0.2a, contains this
    fix:

    13. SECURITY: Some files and directories were created incorrectly
        allowing write permission to arbitrary users. Some system daemons
        were running with a file creation mask (umask) set to 0.
        fz528862

  o The Additional Modules for Perl (modjk1) package, version 2.0.4,
    contains this fix:

    14. Provides the modjk connector for Apache 1 and Tomcat. Apache 2
        users do not need this package.

        Notes:
        o This package is not installed by default.
        o This package will not conflict with modjk for Apache 2 & Tomcat as
          the library is installed in a different location.

        fz529629

§9.2: Problems Fixed in Maintenance Pack 2:

The UnixWare 7.1.4 Maintenance Pack 2 set (uw714mp2) contains the
following fixes. These fixes are also included in the UnixWare 7.1.4+
Update set (uw714plus).

  o uw714m2 package fixes:

    Feature and usability enhancements:

     1. Updated Laptop PC Card support to include CardBus support.
        fz529602

     2. Updated /sbin/p6update to support new Intel Prescott and Nacona
        processors.  Includes additional microcode updates.
        fz530177

     3. Enhanced /etc/hw command to decode Pentium 4 cache size information
        and system memory sizes in excess of 4Gb.
        fz525623
        fz528909

     4. Added lsof command version 4.73.

        Lsof is a UNIX-specific tool.  Its name stands for LiSt Open Files,
        and it does just that.  It lists information about files that are
        open by the processes running on a UNIX system.

        The lsof provided is compiled with the following flags:
        -DINKERNEL -Kthread -Kalloca -O2

        See the complete copyright notice at the end of this file.
        fz530110

     5. Increased the number of users from 1 to 2 for the default Business
        Edition license.
        fz530379

     6. Added the Japanese Gaigi character definitions to Japanese locales.
        erg712726/fz530392

     7. For X11R6 applications, allow the NumLock key to be used with Motif
        accelerator and mnemonic keys for pulldown menus.  To enable this
        feature, set the environment variable "XMNUMLOCK=ALL" for the
        process.
        erg712703/fz530229


    Security improvements:

     8. SECURITY: A new file system tunable, CHROOT_SECURITY is provided
        to protect against a known exploit for escaping from a chroot
        prison.  The new tunable is described in /etc/conf/dtune.d/fs and
        defined in /etc/conf/mtune.d/fs.  Protection is provided by the
        default value of 1 but traditional behavior may be obtained by
        setting CHROOT_SECURITY to 0, and rebooting the system.
        erg712509/fz528555 SCOSA-2005.2

     9. SECURITY: ICMP error messages are discarded for TCP connections if
        TCP sequence number in ICMP payroll is not in the range of the
        data already send but not yet acknowledged.
        erg712758/fz530661

    10. SECURITY: Fixed the Common Desktop Environment dtlogin XDMCP Parser
        Remote Double Free vulnerability.
        erg712592/fz529303 SCOSA-2005.18

    11. SECURITY: Fixed the following Denial of Service vulnerability.
        When the NFS mountd service is run by inetd and an NFS mount related
        request is received from a remote (or local) host, inetd will
        repeatedly create the mountd process and as a result increasingly
        consume memory.  This problem also exists for the following inetd
        services: ypupdated, rusersd, sprayd, and walld.

        To fix this, the mountd service is updated from a "dgram" service to
        a "tli" service.  The socket_type (in /etc/inet.d/inetd.conf) is
        also changed from "dgram" to "tli" for the following inetd
        services: mountd, ypupdated, rusersd, sprayd, and walld.
        erg712731/fz530479 SCOSA-2005.1

    12. SECURITY: An upgrade to the KAME implementation of internet key
        exchange (IKE) daemon implementation which includes several
        security fixes.
        erg712650/fz529836 SCOSA-2005.10

    Reliability improvements:

    13. Fixed kernel panic caused by Merge trying to save FPU state when
        FPU hasn't been used.
        fz529860

    14. Fixed various bugs in fork that in turn could lead to kernel panics in
        priocntl.  The fixes had to do with ensuring that per-lwp properties
        were inherited consistently across a fork.
        fz529463

    15. Fixed kernel panic that can sometimes occur due to race condition
        between fdetach of a named pipe and the last close on the pipe's
        file descriptors.
        erg711929/fz519727

    16. Fixed kernel panic and kernel memory corruptions caused by an
        erroneous pointer left in a STREAMS lower multiplexor queue
        structure during execution of an I_LINK or I_PLINK ioctl.
        erg712470/fz528449

    17. Fixed deadlock that can occur if an NMI occurs on one CPU at the
        same time that another CPU takes a clock interrupt and attempts to
        recalibrate the clock.
        erg712722/fz530382

    Networking improvements:

    18. Fixed bugs in the scoadmin dhcp and address allocation managers
        that cause tcl failures and hangs.
        fz526860
        fz528398
        fz528404
        fz528650
        fz529146
        fz529522

    19. For /dev/tcp, /dev/udp and other related device nodes, permission is
        given to root to change access and modification times, and to change
        mode, uid and gid if they are different from the current ones.
        erg712672/fz528399

    20. Fixed IP packet filtering.
        erg712619/fz529605

    21. Fixed race between tcp input processing and tcp close processing.
        erg712585/fz529161

    22. The netstat -I <interface> <interval> command displays output
        incorrectly, if the machine gets a lot of packets in a particular
        interval.
        erg712663/fz529916

    23. System gets many "Out of stream" messages in osmlog and kernel panics
        afterwards.
        erg712707/fz530251

    24. SNMP time ticks are being interpreted as signed 32-bit integers
        instead of unsigned 32-bit integers
        erg712732/fz530366

    25. An errant assumption about the maximum size of tcp/ip header
        including the MAC header and the STREAM headers would not exceed 256
        bytes caused the system to write past the allocated space.  The
        allocation optimization now properly accounts for the MAC header if
        it does not exceed the 256 byte KMA pool size.
        fz530654

    26. There was a namespace conflict within the definition of inet_ntoa.
        The kernel version is renamed to inet_ntoa_r.  This helps to ease
        porting of open source applications to UnixWare.
        fz529706

    27. Changes to ip_var.h to allow porting of open source applications
        without requiring the inclusion of some UnixWare-specific headers.
        fz529708

    28. Moved _tcpconn and tcp_dbg_hdr data structures and associated
        defines from tcp.h to tcp_var.h to allow porting of open source
        applications without requiring the inclusion of some
        UnixWare-specific headers.
        fz530909

    USB improvements:

    29. Certain USB keyboards exhibit a jitter that is usually seen as
        the repetition of a previous character.
        erg712294/fz527741

    30. Fixed a potential problem with newer EHCI USB controllers that are
        controlled by the system BIOS.  The visible symptom is that devices
        attached to the EHCI ports of certain systems won't work.
        fz530306

    31. Low and full speed USB devices attached directly (i.e. not via a
        USB 2.0 hub) to an EHCI controller will get a message logged to the
        console 'Device reset timeout during enumeration!' when they are
        discovered.  The message is benign; the devices work as expected.
        This fix eliminates the cause of the distracting message.
        fz530377

    32. Fixed bug in UDI bridge mapper that caused shared PCI interrupts
        to remain un-acknowledged during USB host controller initialization
        leading to system hangs.
        erg712677/fz530090
        erg712699/fz530174

    33. Attempting to autoconfigure a USB mouse via the mouseadmin command
        did not work properly, and the mouse test would always fail.  This
        problem would only be encountered by those adding or switching to a
        USB mouse, post ISL, and attempting to autoconfigure it through
        mouseadmin.
        fz530587

    Motif library and X improvements::

    34. Fixed a bug where the change of background of the Motif Scale
        widget with XtSetValues has no effect if the widget was not realized
        yet.
        erg712682/fz530146

    35. Fixed the XmATTACH_OPPOSITE_FORM attachment in the children of a
        Form widget using the incorrect sign of the value, which causes the
        form to resize itself to become smaller and smaller.
        erg712697/fz530166

    36. Fixed the display of the Japanese messages in programs based on
        the Athena widgets.

        Note:
        Portions of this fix are contained in the xserver, xclients, and
        xcontrib packages.  These packages must be installed or the
        commands will stop working in Japanese!

        erg712661/fz529890

    Misc improvements:

    37. Changes to acpi and mps drivers to recognize pci devices that
        were previously not found.  Includes an upgrade to the latest
        version of the acpi driver.
        fz530205
        erg712706/fz530250

    38. Online and offline of processors may work incorrectly on systems
        where the processors report more than one logical processor per
        physical package when hyperthreading is disabled in the system BIOS.
        fz530165

    39. Fixed problems caused by the Intel ICH3-S chipset occasionally
        returning bad real-time clock values.  Symptom was that some
        platforms may hang on boot with warning messages from
        psm_time_spin_adjust.
        erg712593/fz529317

    40. Various "off by one" errors fixed in the interval timer code.
        erg712667/fz529962

    41. Disksetup's default blocksize does not work with large VxFS file
        systems.
        erg712615/fz529483

    42. Fixed the reserve bitmap buffer setup to wrong channel/snode during
        VxFS snapshot creation, which caused snapshots to be disabled due to
        read i/o failures on good drives.
        erg712644/fz529774

    43. init failing to change runlevels.  There was a race condition in the
        waitproc function in the init code that has been fixed.
        erg712313/fz527890

    44. System hangs on boot - idmknodd last process run.  There was a race
        condition in the waitproc function in the init code that has been
        fixed.
        erg712607/fz529426

    45. Fields incorrectly labeled in rtpm utility in Japanese locale.
        fz530091

    46. The auditrpt -f <filename> command is causing segmentation faults on
        some audit report data files.
        erg712760/fz530410

    47. The ap command is causing segmentation fault.

        Note: Portion of this fix is in the libc package.

        erg712675/fz530046

    48. The creatiadb command is not working.
        erg712678/fz530093

    49. The ps command will now report NI values as set by nice(2), rather
        than always displaying a 0 in that output column.  This is only a
        compatibility measure and does not imply that the value set by
        nice(2) will affect scheduling behavior.
        fz530118

    50. Printer manager GUI hangs while adding local printers on a freshly
        installed system.
        fz530092

    51. C++ template instantiation fails when object file has non-.o suffix
        To fix this, .ti and .ii suffixes now append to, rather than
        replace, non-.o object suffixes.
        fz530247

    52. A function call argument that is an expression with "side effects",
        cannot be used directly more than once when doing function inlining.
        A C++ "? :" expression, in which the third operand (conditionally
        evaluated) created a short-lived temp class object, was incorrectly
        replicated when replacing a multiply-referenced parameter in an
        inlined function.
        fz530178

    53. For NIS systems, correct lookup-by-GID failure.

        Note: Portion of this fix is in the libc package.

        fz530952

    54. We now have libcrypto.so from openssl package also and it defines
        _des_crypt() which is also defined by libcrypt.so.  Updated
        libcrypt.so to use its own definition so that things remain sane.
        fz530438

    55. Updated the /usr/lib/apache/conf/httpd.conf file if apache-1.3.29 and
        php-4.3.5 are installed, or the /opt/apache2/conf/conf.d/php4.conf
        file if apache2-2.0.49 and php4-4.3.5 are installed, with:

        AddType application/x-httpd-php .php .php3 .inc .phtml
        AddType application/x-httpd-php-source .phps

        In future, installation of php or php4 should update these files.
        fz529730

    56. Fixed Tomcat 4.1.30 start script to implement a nohup.
        In future, this will be fixed in the tomcat package.
        fz530103

    57. Fixed the Perl 5.8.3 configuration files to remove build pathnames.
        In future, this will be fixed in the perl package.
        fz530344

    58. Fixed a syntax error in Mozilla start script.
        In future, this will be fixed in the mozilla package.
        fz530539

  o Runtime C Library (libc) version 8.0.2b fixes:

    Note:
    All fixes in the libc package are also included in the uccs package.

    59. Fixed a memory leak in tzset().
        erg712729/fz530421

    60. 61The ap command is causing segmentation fault.
        erg712675/fz530046

    61. PAM enabled services do not update syslog correctly.
        fz530185
        fz529908

    62. For NIS systems, correct lookup-by-GID failure.
        fz530952

  Additional bug fixes and enhancements are provided with the following
  packages that are distributed with UnixWare 7.1.4 Maintenance Pack 2.
  These fixes are also included in the supplemental packages provided with
  UnixWare 7.1.4 Maintenance Pack 4.

  o The Common Unix Printing System (cups) package, version 1.1.19-03:

     1. SECURITY: Fixed a Denial of Service vulnerability.  It was possible
        to disable browsing in CUPS by sending an empty UDP datagram to port
        631 where cupsd is running.
        erg712688/fz530153 SCOSA-2004.15
,

  o The Foomatic Filters and PPDs (foomatic) package, version 3.0.2:

     2. SECURITY: Foomatic has been updated from version 3.0.0-02 to 3.0.2
        to fix a security problem.

        Please see the foomatic website for the list of changes.
        http://www.linuxprinting.org/foomatic.html

        erg712704/fz530505 SCOSA-2005.12

  o The HP Inkjet Printer Driver (hpijs) package, version 1.5-02:

     3. Updated and new PPD files for non-HP printers from the
        foomatic-3.0.2 distribution.
        erg712704/fz530505

  o The Lightweight Directory Access Protocol services (ldap) package,
    version 8.0.1a:

     4. LDAP fails to start with the following error message:
        dynamic linker: /usr/lib/ldap/slapd: relocation error symbol not
        found: ldapdebug_level referenced from /usr/lib/ldap/slapd
        erg712679/fz527615

  o The Runtime OpenServer library (libosr) package, version 8.0.2a:

     5. This version contains an updated libc.so.1 and three new libraries:
        libm.so.1, libcurses.so.1, and libsocket.so.2.
        fz529055

  o The PNG (Portable Network Graphics) Library (libpng) package, version
    1.2.7:

     6. SECURITY: Libpng has been updated from version 1.2.5 to 1.2.7 to fix
        several security problems.

        Please see the libpng website for the list of changes.
        http://www.libpng.org/pub/png/libpng.html

        erg712684/fz530149 SCOSA-2004.16

  o The Network Drivers (nd) package, version 8.0.2b:

     7. Updated Intel PRO/100 (eeE8) Network Driver to version 2.9.1.
        fz530765

     8. Updated Intel PRO/1000 (e1008g) Network Driver to version 7.4.9.
        fz530764

     9. Updated Broadcom Gigabit (bcme) Network Driver to version 7.5.22.
        fz530259

    10. The following NIC drivers have been updated to include PC Card
        support: d21x, e3E and nat.
        fz529602

    11. The following new adapters are now supported including CardBus NICs
        and selected PRISM II Wireless PC Card NICs:

        3Com EtherLink III 3C589C 0101058906
        3Com EtherLink III 3C589D 0101058906
        3Com 10Mbps LAN PC Card 3CCE589EC
        3Com 10Mbps LAN PC Card 3CXE589DT
        3Com 10Mbps LAN PC Card 3CCE589ET
        3Com 10/100 LAN PC Card 3C3FE574BT
        Intel PRO/100 CardBus II MBLA3300
        Intel PRO/100 S Mobile Adapter MBLA3300 C3
        Intel PRO/100 CardBus II MBLA3400
        Linksys Combo PCMCIA EthernetCard EC2T
        Linksys EtherFast 10/100 PC Card PCMPC100
        Linksys EtherFast 10/100 CardBus Card PCMPC200
        Linksys Wireless-B Notebook Adapter (802.11b)
        Netgear 10/100 PCMCIA FA410
        Netgear 10/100 PCMCIA Mobile Adapter FA411
        Netgear 10/100 CardBus FA510
        Netgear 802.11b Wireless PC Card MA401
        Socket Communications EA
        Socket Communications LP-E

  o The Network Infrastructure and Configuration Subsystem (nics) package,
    version 8.0.2b:

    12. System kernel panics under heavy load in dlpi_hwfail_handler.  There was
        race condition in txmon handler.
        erg712681/fz530124

  o The Open Secure Shell (openssh) package, version 3.9p1-01:

    13. OpenSSH has been updated from version 3.8.1p1 to 3.9p1.

        Please see the openssh website for the list of changes.
        http://www.openssh.com/

    14. When sshd is stopped and restarted, it no longer works.
        The user trying to get in gets the following message:
        Read from socket failed: Resource temporarily unavailable
        fz529865

    15. Host based authentication does not work with openssh.
        fz530102

    16. Cannot login to an account with an expired password with openssh.
        fz530287

  o The Samba (samba) package, version 3.0.10:

    17. SECURITY: Samba has been updated from version 3.0.4 to 3.0.10 to fix
        several security problems.

        Please see the samba website for the list of changes.
        http://www.samba.org/samba/

        erg712735/fz530486 SCOSA-2004.15
        erg712754/fz530644

  o The Squid Caching Proxy Server (squid) package, version 2.5.STABLE7:

    18. SECURITY: Squid has been updated from version 2.4.STABLE7 to
        2.5.STABLE7 to fix several security problems.

        Please see the squid website for the list of changes.
        http://www.squid-cache.org/

        erg712610/fz529457 SCOSA-2005.16
        erg712740/fz530514

  o The OUDK Optimizing C Compilation System (uccs) package, version 8.0.2b:

    19. SECURITY: Fixed predictable temporary file creation by the cscope
     	command that can be exploited by any local attacker to remove arbitrary
     	files on the vulnerable file system via the infamous symlink
     	vulnerability.
     	erg712738/fz530500

    20. When doing optimization on functions with exceptionally large
        code blocks where the total number of arguments passed to  calls in
        a single block exceeds 8000, the C or C++ compiler may generate
        incorrect memory addresses for local variables.  This problem has
        only occurred in atypical 4GL generated source code.
        erg712757/fz530656

    21. Invalid #define of setterm() macro in curses.h.
        fz530412

    22. When alloca() is used as an argument to another function call, the
        stack of the current frame may be corrupted such that invalid
        (saved) register values may be returned to the callee.
        fz527215
        fz531008

  o The General Purpose Data Compression Library (zlib) package,
    version 1.2.1-01:

    23. SECURITY: Fixed a Denial of Service vulnerability.  Fixed error
        handling in the inflate implementation to avoid incorrectly
        continuing to process in error state.
        erg712692/fz530158 SCOSA-2004.17

  o The X11R6 Base X Runtime System (basex) package, version 8.0.2a:

    24. SECURITY: Fail-soft mechanism is implemented for handling cases
        where the permissions and/or owner of the /tmp/.X11-unix,
        /tmp/.ICE-unix, and /tmp/.font-unix directories are not correctly
        set.

        Fail-soft means, if the permission and/or owner is improperly set,
        the component would try to properly set it.  If it is unable to do
        that, it would generate error/warning message(s), but the component
        would not fail.

        Note: Portions of this fix are contained in the xserver package.

        erg712694/fz530161 SCOSA-2005.8

    25. Fixed XtAppAddInput() function.
        Added missing brackets around XPOLL_READ, XPOLL_WRITE, XPOLL_EXCEPT
        erg712671/fz529974

  o The X11R6 X Server (xserver) package, version 8.0.2b:

    26. Invoking "scoadmin video" on an Intel SE7520JR2 white box server to
        adjust graphics resolution in either character or graphics mode
        causes the system console to start blinking, and there is no
        recovery other than rebooting.
        erg712755/fz530648

  o The X11R6 Contributed X Clients (xcontrib) package, version 8.0.2a:

    27. Fixed warning message from the xtetris command.
        fz530182

    28. The puzzle command is causing segmentation fault.
        erg712700/fz530183

    29. The ar command displays incorrect message in Japanese environment.
        erg712640/fz529737
		  

  o The X11R6 Graphics Drivers (xdrivers) package, version 8.0.2a:

    30. Added the Matrox G550 Video Adapter support to the mtx driver.
        fz530771

  o The IP Filter (ipf) package, version 4.1.3:

    31. IP Filter 4.1.3 is an advanced open source filtering package which
        provides both firewall and network address translation services.  It
        is the most common filtering package supported across different
        flavors of UNIX.  For a complete list of features and services
        provided, please check the following URLs.

        o http://coombs.anu.edu.au/~avalon/
        o http://www.obfuscation.org/ipf/ipf-howto.txt

        fz530132

§9.3: Problems Fixed in Maintenance Pack 3:

• Feature and usability enhancements
• Kernel improvements
• Security enhancements
• Networking improvements
• USB improvements
• Motif library and X improvements
• Commands
• Development System
• Application Fixes
• Other Fixes
• Drivers

Feature and usability enhancements

1. Support for HOPF Serial Device and the following clocks is enabled in NTP demon and utilities. --

           o Diem Computime Radio Clock
           o ELV/DCF7000 clock
           o HOPF 6021 clock
           o Meinberg clocks
           o RCC 8000 clock
           o Schmid DCF77 clock
           o WHARTON 400A Series clock
           o VARITEXT clock
   

   (ID: 531232:2 ESC: erg712797)

2. Support for Intel multiple (dual) core processors.

   Multiple core processors have two or more processor cores in each physical package, continuing the trend started with hyperthreading, but offering enhanced parallelism and improved performance due to additional processor cores.

   Multiple processor cores are automatically detected and utilized if they are available. However, hyperthreaded processors are not utilized unless the administrator specifically requests their use. No additional CPU licenses are required to use either multiple processor cores or hyperthreaded processors.

   The use of multiple processor cores can be disabled with the boot parameter "MULTICORE=N" entered at the boot prompt or added to the "/stand/boot" file. Having multiple core support enabled has no effect on systems that do not have multiple core processors. If the use of multiple processor cores is explicitly disabled with the "MULTICORE=N" boot parameter, then the use of hyperthreaded processors is also disabled.

   Hyperthreaded processor support is still disabled by default. Support for hyperthreaded processors can be enabled with any of the following boot parameters:

           ENABLE_HT=Y
           HYPERTHREAD=Y
           ENABLE_JT=Y
   

   (ID: 532712:3 SLS: ptf9051b)

3. Support for AMD Dual Core processors.
   (ID: 532956:2 SLS: ptf9051c)

4. Update message catalogs and fix message catalog errors in PAM-related code.
   (ID: 531385:2)

5. Support for remote LDAP server authentication. --
   A new PAM module (pam_ldap)has been added that allows authentication via PAM against an LDAP Server. OpenLDAP has two more files pam_ldap.so and ldap.so installed as /usr/lib/security/pam_ldap.so and /usr/lib/nss/ldap.so. These two files together can be used to provide authentication against an OpenLDAP server.
   (ID: 530735:2 ESC: erg712767)

6. IBM BladeCenter w/ BIOS 1.09 loops with USB keyboard --
   This problem has been resolved.
   (ID: 532234:3)

Kernel improvements

1. Kernel panic in kma_giveback on Maintenance Pack 1 --
   Fixed a kernel panic and possible memory corruption that can occur when a process that has attached shared memory segments fails a fork system call.
   (ID: 530917:1 ESC: erg712782)

2. Kernel panic in ICH (sound) initialization --
   ICH Intel Audio driver: If an interrupt comes in during ICH enumeration from a device sharing an IRQ with the AC'97 controller than the ich_intr() routine can cause a kernel panic due to incorrect lock allocation during enumeration. This has been fixed.
   (ID: 532377:2)

3. System upgraded from Release 7.1.2 (8.0.0) experiences kernel panics regularly --
   Fixed a kernel panic when running LKP binaries, due to a stack corruption.
   (ID: 533255:2)

4. PCI slot numbers not reported correctly --
   This problem has been resolved.
   (ID: 533303:2)

5. TBLNK tunable parameter has incorrect description message --
   The description for the TBLNK tunable parameter says that the adjustment is in minutes instead of seconds, as it actually is.
   (ID: 530828:2)

6. Balance callouts across multiple cpus --
   A problem that could have caused kernel timeouts to bottleneck on cpu 0 has been fixed. Support is added to allow running global callout on any cpu. If this feature is enabled via setting callout_balance to 1 in svc.cf/Space.c, then callouts may execute on cpu other than the boot cpu. This has the affect of running callouts at the precise scheduled time in an heavy system workload.
   (ID: 532367:1 SLS: ptf9051a)

7. Timeouts for bound drivers may run on wrong cpu --
   This problem has been fixed.
   (ID: 532326:1 SLS: ptf9051a)

8. init 0 - unthrottled loop on console input - possible to overheat processor --
   If after initiating shutdown, the system is not powered off after the following message is displayed, the processor heats up:

           System has halted and may be powered off (Press any key to reboot)

   Added a spin pause instruction into the loop; this is allegedly thermal friendly.
   (ID: 530708:2 SLS: ptf9051a)

9. System info defines for SI_SET_VERSION and SI_SET_SYSNAME reuse numbers issued to Solaris --
   This problem has been resolved.
   (ID: 533077:1)

10. VxFS snapshot kernel panic using BackupEdge --
    Fixed 2 kernel panics and a hang related to reading snapshot filesystem via direct I/O.
    (ID: 532771:2)

11. System hung processes waiting on lock --
    Asynchronous VxFS transaction log flush can hang forever when MPIO layer detects a path failure and attempts path recovery. This can freeze all other file system activity, and cause system hang. The fix is to setup the correct flags in I/O request buffer when Asynchronous I/O operation is requested.
    (ID: 530400:3 ESC: erg712725)

12. Kernel panic when running OpenServer binary --
    This problem has been resolved.
    (ID: 529023:1)

13. Bad declaration of _h_errno() function return type --
    Change netdb.vh and libsocket/inet/nd_gethost.c to agree that _h_errno() returns "int *" and not "const int *".
    (ID: 531073:1)

14. On IBM x445 with 3.0 Ghz cpu(s) the OS does not detect the whole memory after a reboot --
    Fixed mps and atup psm initialization to do "himem" detection after APIC and PIC initialization or after masking all interrupts on PIC, otherwise unexpected hardware interrupts can cause failure of v86bios() calls to detect "himem" via BIOS e820 interfaces, leading to OS not detecting whole system memory.
    (ID: 530717:2 ESC: erg712765)

15. Priocntl on an FP-class process running an OpenServer 5 binary may panic the kernel. --
    For the SVR5 ABI, the value FP_NOCHANGE is defined to be -5. For the OSR5 ABI, this value is SCO_RT_NOCHANGE, defined to be -1. The fix is to have the kernel use FP_NOCHANGE internally to mean "no change", and to have fp_parmsin convert SCO_RT_NOCHANGE to FP_NOCHANGE when accepting a request from an OSR5 ABI program.
    (ID: 531493:2)

16. Kernel panics with trap E after running Java program --
    This problem has been resolved.
    (ID: 533322:3)

17. Added new native hot-plug interfaces to SDI so newer drivers can dynamically remove and add targets.
    (ID: 532894)

18. PSM fix for Intel S3E31XX (Harwich) BIOS not having BSP as first entry in MPS cpu tbl --
    The Boot Strap Processor is incorrectly identified on the Intel S3E31xx series (Harwich/Twin Castle) platform. This problem manifests itself as a spontaneous system reset when the remaining processors are brought online. PSM now smarter about location of BSP entry, preventing reboots when additional processors are brought online.
    (ID: 532473:2 SLS: ptf9051)

19. xAPIC detection is broken on systems with > 8 logical processors --
    This problem has been resolved.
    (ID: 532824:2 SLS: ptf9051b)

20. mega driver high CPU consumption --
    Interrupts may be incorrectly routed when the ACPI boot parameter is set with "ACPI=Y". It may also occur on uniprocessor systems that support hyperthreading and do not have MPS BIOS tables when the ENABLE_JT boot parameter is set with "ENABLE_JT=Y". This problem only manifests itself on systems with complex bus architectures. Symptoms that the fix is required are any of:
    1. High CPU consumption in interrupt time when the system is otherwise idle, as indicated by sar and/or rtpm.
    2. Devices with interrupt timeouts.
    3. PCI devices that cannot be found.
    
    (ID: 531694:2 SLS: ptf9051a)

21. ACPI:Unable to access PCI config space error when enabling jt --
    This problem has been fixed.
    (ID: 531695:2 SLS: ptf9051)

22. Deadlock in asyc output stream --
    This problem has been resolved.
    (ID: 531720:2 ESC: erg712825)

Security improvements

1. SECURITY: tcpdump Denial of Service --
   [SCOSA-2005.60] Various flaws in tcpdump can allow remote attackers to cause denial of service. To fix this, tcpdump and libpcap have been updated to version 3.9.3 and 0.9.3 respectively.
   (ID: 532314:2 ESC: erg712849)

2. SECURITY wu-ftp Denial of Service --
   [SCOSA-2005.28] The wu_fnmatch function in wu_fnmatch.c allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
   (ID: 532336:2 ESC: erg712855)

3. SECURITY: rpcbind Denial of Service --
   [SCOSA-2005.31] When the RPC portmapper (rpcbind) receives an invalid portmap request from a remote (or local) host, it falls into a denial of service state and cannot respond. As a result, the RPC services will not operate normally.
   (ID: 532477:2 ESC: erg712862)

4. SECURITY: telnet client information disclosure --
   [SCOSA-2005.35] The telnet client allows remote malicious telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
   (ID: 532338:4 ESC: erg712857)

5. SECURITY: telnet client multiple issues --
   [SCOSA-2005.21] Buffer overflow in the slc_add_reply function when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. Heap-based buffer overflow in the env_opt_add function in telnet.c allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.
   (ID: 531446:2 ESC: erg712801)

6. SECURITY: uidadmin Buffer Overflow Vulnerability --
   [SCOSA-2005.54] Local exploitation of a buffer overflow vulnerability in the uidadmin binary allows attackers to gain root privileges. Successful exploitation of this vulnerability requires that user have local access to the system. This would allow the user to gain superuser privileges.
   (ID: 533178:3)

7. SECURITY: Racoon Denial of Service --
   [SCOSA-2005.37] Racoon is an IKEv1 keying daemon, a common IPSec Utility. Due to a bug in the way the Racoon parsed incoming ISAKMP packets, an attacker could possibly crash the racoon daemon by sending a specially crafted ISAKMP packet.
   (ID: 531604:2 ESC: erg712818)

8. SECURITY: ICMP TCP connections may be degraded or dropped --
   [SCOSA-2005.36] The ICMP RFC recommends no security checking for in-bound ICMP messages, so long as a related connection exists, and may potentially allow several different Denials of Service. The following individual attacks are reported: A blind connection-reset attack is reported, which takes advantage of the specification that describes that on receiving a 'hard' ICMP error, the corresponding connection should be aborted. A remote attacker may terminate target TCP connections and deny service for legitimate users. An ICMP Source Quench attack is reported, which exploits the specification that a host must react to ICMP Source Quench messages by slowing transmission on the associated connection. A remote attacker may effectively degrade performance for a legitimate connection. To fix these issues, a new networking parameter tcp_ignore_quench is introduced for configuring ICMP source quench message behavior for tcp connections. When it is set to 1, ICMP source quench messages are ignored for tcp connections. Default value of this parameter is 1.
   (ID: 530661:3 ESC: erg712758)

9. SECURITY: TCP RFC1323 denial of service --
   TCP connections can be stalled/dropped using the TimeStamp option of a TCP connection.
   (ID: 531593:2 ESC: erg712814)

10. SECURITY: ppp prompt buffer overflow vulnerability --
    [SCOSA-2005.41] Local exploitation of a buffer overflow vulnerability in the ppp binary, allows attackers to gain root privileges.
    (ID: 532994:2 ESC: erg712940)

11. SECURITY: Xloadimage NIFF Image Title Handling Buffer Overflow --
    [SCOSA-2005.56] A buffer overflow in xloadimage, might allow user-complicit attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations.
    (ID: 533253:3)

12. SECURITY: cpio directory traversal vulnerability --
    [SCOSA-2005.32] A malicious user can create cpio archives containing absolute pathnames and/or relative pathnames like ../ (dot dot/) causing users running cpio -i to inadvertently overwrite files on their system. To prevent it, a new option "-N" is provided for "safe mode", where cpio is trapped inside the present working directory while extracting files.
    (ID: 532333:2 ESC: erg712854)

13. SECURITY: Lynx Remote Buffer Overflow --
    [SCOSA-2005.47] A vulnerability in Lynx can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "HTrjis()" function in the handling of article headers sent from NNTP (Network News Transfer Protocol) servers. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious web site which redirects to a malicious NNTP server via the "nntp:" URI handler. Successful exploitation allows execution of arbitrary code. As part of this fix lynx has been updated to 2.8.5.
    (ID: 533159:3)

14. SECURITY: Lynx Command Injection Vulnerability --
    [SCOSA-2005.55] Remote exploitation of a command injection vulnerability could allow attackers to execute arbitrary commands with the privileges of the underlying user. The problem specifically exists within the feature to execute local cgi-bin programs via the "lynxcgi:" URI handler. The handler is generally intended to be restricted to a specific directory or program(s). However, due to a configuration error on multiple platforms, the default settings allow for arbitrary websites to specify commands to run as the user running Lynx.
    (ID: 533314:3)

15. SECURITY: libXpm may allow attackers to execute arbitrary code --
    [SCOSA-2005.57] An integer overflow vulnerability in libXpm can be exploited by a remote user to cause arbitrary code to be executed. The 'scan.c' code does not properly validate user-supplied data contained in image files. A remote user can create a specially crafted image file that, when processed by the target user or application, will trigger the overflow and execute arbitrary code.
    (ID: 533161:6)

16. SECURITY: docview htdig cross site scripting flaw --
    [SCOSA-2005.45] Cross-site scripting vulnerability in docview (htdig) allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
    (ID: 531483:2 ESC: erg712807)

Networking improvements

1. The OpenLDAP Software Suite (openldap) package, version 2.1.22-01:
   1. libthread was not linked properly. The previous configuration used -lthread instead of -Kthread while building opendlap.
      (ID: 530735)

   2. The binaries are now dynamically linked with LDAP and DB libraries.
      (ID: 530735)

   3. Support added for remote LDAP server authentication. --
      OpenLDAP has two more files pam_ldap.so and ldap.so installed as /usr/lib/security/pam_ldap.so and /usr/lib/nss/ldap.so. These two files together can be used to provide authentication against OpenLDAP server.
      (ID: 530735 ESC: erg712767)

2. named (9.2.1) fails to switch to secondary forwarder in the event of primary failure --
   This has been resolved. Additionally, BIND has been updated to version 9.2.5.
   (ID: 532808:3 ESC: erg712896)

3. telnet sessions have incorrect timestamp in syslog --
   This problem has been fixed.
   (ID: 532534:1)

4. netstat command does not find the IP/name of the configured interfaces --
   netstat was not displaying network and IP addresses properly.
   (ID: 530807:2)

5. Delays seen when doing rsh, rlogin, or rcp into a UnixWare 714 MP1 box.
   The pam_rhosts module has been modified to use text-based comparison to check whether the host requesting rsh, rlogin, or rcp is listed in .rhosts or /etc/hosts.equiv. This behavior is consistent with UnixWare behavior in earlier releases which did not support PAM. In contrast, the previous release of the pam_rhosts module used an IP-address comparison to check for host equivalence.
   A new option, "checkaddr," has been added to the pam_rhosts module. Use of this option will cause pam_rhosts to use an IP-address comparison for host equivalence.
   (ID: 530252:2 ESC: erg712708)

6. To exclude users from password aging rules, e.g., for FTP, "passwd -n2 -x1 <login>" is used. This is supposed to remove password aging restrictions from the login, so that the password never expires; however, FTP login failures due to password aging still occurred after executing the above. The problem was found in the PAM module for FTP, and has been fixed.
   (ID: 530051:1)

7. Unloading ipf causes kernel panic --
   This problem has been resolved in the ipf-4.1.3a package.
   (ID: 531340:2)

8. Kernel panic in fsflush_pageflush while running du on NFS mount point. --
   Fixed a race between fsflush which is releasing an un-referenced vnode and NFS rnode allocation code which is trying to re-use the same free'd/inactive vnode, leading to kernel panic.
   (ID: 530399:4 ESC: erg712724)

9. xntpd does not include support for parse clocks like a HOPF6021 clock --
   Support for HOPF Serial Device and the following clocks is enabled in NTP demon and utilities:

     o Diem Computime Radio Clock
     o ELV/DCF7000 clock
     o HOPF 6021 clock
     o Meinberg clocks
     o RCC 8000 clock
     o Schmid DCF77 clock
     o WHARTON 400A Series clock
     o VARITEXT clock
   

   (ID: 531232:2 ESC: erg712797)

10. Incompatibility in bind() between OSR5 and UW7 --
    OSR5 application socket API compatibility
    (ID: 529470:2)

11. System hang after pulling NIC cable (e1008g) --
    This has been resolved. The fix is in the nd-8.0.2c package.
    (ID: 531667:3 ESC: erg712824)

12. TCP timers can delay other critical activity --
    On a system with a high TCP connect/disconnect rate (such as a server receiving a large number of web requests), TCP timers such as 2msl, zombie, etc., can take a significant amount of time to process and clean up connections. This has the potential of starving/delaying other non-tcp/tcp timers as well as possibly STREAM activity. This problem has been fixed.
    (ID: 532371:1)

13. OSR5 ioctl compatibility - TI_GETINFO --
    OSR5 application ioctl compatibility fix.
    (ID: 533297:3)

14. MTU is not set correctly in response to an ICMP Error - Fragmentation Needed --
    This has been resolved.
    (ID: 529427:1 ESC: erg712617)

15. /etc/mkfilters doesn't generate a valid filter for ipf to use --
    This problem has been resolved.
    (ID: 532361:2)

16. DHCP server isn't working --
    Allow multiple control options to be received.
    (ID: 531979:2)

17. dlpid does not failover to chain of NICs, nor share backups, mismatching our doc --
    dlpid updated for failback and failover to chain of NICs.
    (ID: 529245:4)

18. nfs mount kernel panic if file system exported with anon=-1 --
    If a system exports an nfs file system with anon=-1 and another tries to mount it, the client panics, or the mount command hangs leaving an unkillable process. This problem has been fixed.
    (ID: 531195:2, 531986:2)

19. e1008g nic driver report same device when network unplugged from 2 different devices --
    The e1008g driver prints (slot, port) which can be same since the confmgr assigns slot number (0) to all on-board devices and the e1008g driver assigns unique port numbers to devices that have same slot numbers and are on the same bus. If the on-board devices are on different buses, the (slot, port) combination would be same. Modified e1008g driver to print (slot,port,bus) when link goes up/down. The fix is in nd-8.0.2c package.
    (ID: 532442:3 ESC: erg712895)

20. d21x .bcfg files - leading spaces in CUSTOM params screws up ISL. --
    Removed white space in d21 *.bcfg files as well as mdi_wan - all the .bcfg files for the ISDN code.
    (ID: 530920:1)

USB improvements

1. Work around problem with IBM Blade Server (eserver 8677-1xx) BIOS version 1.09 that cause system kernel panic shortly after boot.
   (ID: 531479 SLS: ptf9051a)

2. USB printing errors on select combinations of printers and write patterns. --
   Fixed USB printing errors most commonly seen as corruption at end of print job.
   (ID: 532127:2)

3. Cannot access USB floppy after hot adding and sdiconfig -l output is corrupted --
   Fixed USB floppy drive issue, non-synchronized assignments of controller number by both pdiunits and SDI layer cause overlapping and conflicting SDI unit numbers assigned to usb_msto, causing problems while accessing USB floppy drive(s).
   (ID: 529971:2 ESC: erg712669)

Motif library and X improvements

1. The X11R6 X Server (xserver) package, version 8.0.2c:
   1. SECURITY: Xserver local users can gain root --
      [SCOSA-2004.2] Buffer overflow in the ReadFontAlias function in Xsco may allow local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias file.
      (ID: 528865:2 ESC: erg712546)/OS/Gui/X_Motif/XSrvr

   2. A memory corruption in the X server was causing the X server to crash. --
      This problem has been resolved.
      (ID: 530745 ESC: erg712769)

   3. The X server does not properly display a dotted line separator. --
      This problem has been resolved.
      (ID: 531054:2 ESC: erg712794)

2. X clients receive FocusIn event twice, first when the window is clicked and second when a widget a clicked. This problem has been resolved.
   (ID: 531053:2 ESC: erg712793)

3. A black mark is displayed under the first character if the height of a text widget is smaller than the height of the character. This problem has been resolved.
   (ID: 532175:2 ESC: erg712839)

4. Problem with list items in list widgets fixed. If a user clicks on an item in a List widget with SelectionPolicy set to BROWSE_SELECT or SINGLE_SELECT and then clicks on another list item within DoubleClickInterval, the click is treated as second click of the double-click on the original item. The visual affect is that the cursor moves to the second item while the highlight frame remains on the first one. The problem is not seen with short DoubleClickInterval because it's very difficult to do the second click on a different item within that short interval.
   (ID: 532813:2 ESC: erg712897)

5. A dotted line separator is not displayed correctly. --
   This problem has been resolved.
   (ID: 531054:2 ESC: erg712794)

6. Focus is not set on newly created windows in mwm --
   The Motif window manager sometimes does not set focus on the newly created windows. This problem has been resolved.
   (ID: 533334:2)

7. In the Japanese keyboard input environment, the Xserver dies after certain keyboard operations. --
   Optimized code in the server was causing memory corruption in these circumstances. The calls to optimized functions were replaced with calls to unoptimized functions, and the problem has been resolved.
   (ID: 530745:2 ESC: erg712769)

8. Support for ATI Radeon ES1000/RN50 graphics card --
   Support for the ES1000/RN50 video card has been added to the xdrivers-8.0.2b package.
   (ID: 532713:1)

9. Permission of /usr/X/lib/X11/xkb/symbols directory is 0644 --
   This causes incorrect LED behavior on the keyboard. Permissions on the directory /usr/X/lib/X11/xkb/symbols changed to 0755.
   (ID: 528560:3)

Commands

1. The more command does not properly handle files with multibyte characters. It splits multibyte characters across lines and gives the following error:

   more: Illegal byte sequence

   (ID: 531424 ESC: erg712800)

2. The file command and /etc/magic file have been enhanced to provide better and POSIX compliant reporting of command text file types, additional information about ELF object files and core dumps, and recognize additional special file types.
   (ID: 532351)

3. The cm_vtcld and scoadmin utilities core dump when SFNOLIM is tuned higher than 32767.
   (ID: 527772:3 ESC: erg712304)

4. After using `ap`, owner accounts can't gain owner privs --
   Fixed the failure to get owner privileges when logged in as owner.
   (ID: 533134:2 ESC: erg712965)

5. Can't display multibyte character on samba-3.0.4 --
   The iconv command failed to convert between the eucJP and sjis codesets with the following error message:

   UX:iconv: ERROR: No support for eucJP to sjis

   This problem has been resolved.
   (ID: 530767:2 ESC: erg712771)

6. Further tapecntl commands blocked after tapecntl -e interrupted --
   Added support for tape erase i/o process abort in tapecntl and st01.
   (ID: 529485:3 ESC: erg712616)

7. Mailx - incorrect optimization in collect.c - stripnulls() --
   Updated /usr/bin/mailx.
   (ID: 531705:3)

8. fdisk formatting needs update for large disks (> 10K cyls / 76.6 GB) --
   Increased fdisk column widths for larger disk sizes, to prevent column overrun/staircase display for multiple partitions.
   (ID: 530772:2)

Development System

The fixes in this section are contained in the uw714m4, libc, and uccs packages.

1. Segementation faults fixed. Repaired bugs which, in certain situations involving extra long lines in the /etc/passwd, /etc/group, or /etc/shadow files, caused stale pointers to be dereferenced, likely resulting in segmentation faults.
   (ID: 531950 ESC: erg712834)

2. Add support for classic OpenServer "gencat" message catalogs.
   (ID: 532671)

3. Move the getmnt*, putmntent, getvfs*, putvfsent APIs from libgen into the shared part of the C library.
   (ID: 531331)

4. Add the setenv() and unsetenv() APIs (matching The Open Group specifications) to the C library. --
   The routines have been added.
   (ID: 533075:1)

5. The cc command now supports compiling .S-suffixed files. --
   These are assembly language source files that are first passed through the C preprocessor. This allows for assembly language coding across different assembler dialects. The cc command has been modified to support .S files. They are sent to the usual acpp preprocessor, with an additional option to request no extra whitespace insertion. Note that support for .S was not added to the CC command, since the additional complexity required to support it in CC is not justified by the modest user benefit it would provide.
   (ID: 531455:6, 531445:7)

6. Copy propagation optimizations may have failed to consider side-effects in the left operand of an assignment statement, resulting in incorrect code being generated for statements of the form:

   *ptr1++ = .... *ptr2 ....

   and both pointers had the same value an earlier sequence point in the current code block.
   (ID: 531705)

7. The C (C++) compiler support for _Bool (bool) was corrected so that all arithmetic operations will store either a 0 or 1 to a boolean object.
   (ID: 531941, 532751)

8. The C compiler support for compound literals was corrected so that they are appropriately reinitialized when used as part of a loop's controlling expression.
   (ID: 531447, 531350)

9. The C and C++ compiler floating expression evaluation will now correctly narrow (by default and with -Kieee) the value which results from a floating-typed assign-op computation.
   (ID: 531447, 531350)

10. The redundant push/pop elimination optimization done by the assembly peep-hole optimizer (optim) may have incorrectly used the EAX scratch register when it holds the function return value obtained from a call to another function.
    (ID: 532298)

11. Plum Hall CV suite (cvs04a) - multiple issues --
    This problem has been resolved.
    (ID: 531249:2)

12. Automatic compound literal initialization repeated in loop - PH conform/lang --
    This problem has been resolved.
    (ID: 531250:2)

13. strip/mcs fail to adjust section indices for newer ELF features --
    Change strip/mcs code to adjust these additional section indices. Note that this is the only instance where strip/mcs will fiddle with the contents of a section. Also need to update the ELF headers to have the missing SHT_ and SHF_ macros.
    (ID: 533355:1)

14. Copy propagation does not check for side-effect on left side of tree --
    This has been resolved.
    (ID: 531705:4)

15. Inconsistent rounding in CSE temp --
    This changes floating point code generation for C and C++ in those circumstances where a floating "common subexpression" is saved for later use. Instead of saving it with the precision of its implicit type, it will be saved as a full- width 80-bit value so that when it is later used it behaves just as if it had been recomputed for each such use.
    (ID: 532927:1)

16. optim is trying to keep both halves of a 64 bit value in 1 32 bit register --
    Update a function within optim to check whether registers contain implicitly live data before using them.
    (ID: 532298:2)

17. Optim generates some incorrect code following boolean fixes. --
    This problem has been resolved.
    (ID: 531941:2)

18. Order of object files in lib++.a inconsistent from build to build --
    Change made as suggested in incident.
    (ID: 532693:1)

19. getXXent_r() APIs misbehave when the buffer is too short --
    Add code to reset to the start of the line in this situation for the C library APIs. For the NIS aware ones, have it reuse the already created struct in this case.
    (ID: 533169:1)

20. Two bugs in getgr* and getpw* --
    Just need to include the NIS_SCAN bit when setting the NIS_FIRST one for the nss_nis_get*ent*() routines.
    (ID: 530952:3)

21. /usr/include/net/if.h compile errors in C++ --
    This problem has been fixed.
    (ID: 531548:2)

Application Fixes

• The Open Secure Shell (openssh) package, version 4.2p1:
  1. SECURITY: OpenSSH has been updated from version 3.9p1 to 4.2p1. --
     [SCOSA-2005.53] Please see the openssh website for the list of changes. http://www.openssh.com/
     (ID: 532373:1, 532978 ESC: erg712922, erg712933)

• cdrtools - A set of tools for CD/DVD Recorders package, version 2.01.01a01:
  1. SECURITY: [SCOSA-2005.20] Cdrtools has been updated from version 2.01a27 to 2.01.01a01 to fix the following problem:
     Cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
     
     (ID: 530156:2 ESC: erg712690)

• The ESP Ghostscript (gs) package, version 7.07.1:
  1. ESP Ghostscript has been updated from version 7.05.6 to 7.07.1. Please see the cups website for the list of changes. http://www.cups.com/
     (ID: 532587:1)

• The GNU file compression utilities (gzip) package, version 1.3.5:
  1. SECURITY: Gzip Multiple Vulnerabilities
     [SCOSA-2005.58] gzip crashes when an input file name is longer than 1020 characters.
     zgrep in gzip does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
     Race condition in gzip, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
     Directory traversal vulnerability in gunzip -N allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
     (ID: 532919:2 ESC: erg712915)

  2. Gzip updated to handle large files (<4GB).
     (ID: 532327 ESC: erg712850)

• The Squid Caching Proxy Server (squid) package, version 2.5.STABLE12:
  1. SECURITY: [SCOSA-2005.44] Squid has been updated from version 2.5.STABLE7 to 2.5.STABLE12 to fix several security problems. --
     Please see the squid website for the list of changes. http://www.squid-cache.org/
     (ID: 530961, 530961, 533116, 533151, 533254 ESC: erg712785, erg712785)

  2. Reinstated the following which were inadvertently dropped when squid was updated to 2.5.STABLE7:

       o CARP
       o Heap removal policy
       o ICMP
       o Delay pools
       o User-Agent logging
       o Kill parent on shutdown
       o SNMP monitoring
       o HTCP
       o USE_CACHE_DIGESTS
     

     Additionally enabled the following:

       o Referer logging
     

     (ID: 531636:2 ESC: erg712823)

• The TIFF Library and Utilities (tiff) package, version 3.7.3:
  1. SECURITY: [SCOSA-2005.19 SCOSA-2005.34] Tiff has been updated from version 3.5.7 to 3.7.3 to fix several security problems. Please see the tiff website for the list of changes. http://www.remotesensing.org/libtiff/
     (ID: 531015, 532775 ESC: erg712790, erg712889)

• The MySQL package - multi-threaded SQL database server (MySQL), version 4.1.11:
  1. SECURITY: [SCOSA-2005.27] MySQL has been updated from 3.23.49 to 4.1.11 to fix security problems. --
     Please see MySQL website for the list of changes.
     (ID: 531603 ESC: erg712817)

• The Mozilla (mozilla) package, version 1.7.12:

  Note: After installing the latest Mozilla package, you will also need to download and install the latest Java packages so that Mozilla continues to work properly. The Java packages are available separately from the UnixWare 7.1.4 Supplement Page at: http://www.sco.com/support/update/download/product.php?pfid=1&prid=6.

  1. SECURITY: [SCOSA-2005.25] [SCOSA-2005.29] Mozilla has been updated from 1.2.1b to 1.7.12 to fix several security problems. --
     Please see the Mozilla website for the list of changes.
     (ID: 528733:2, 528734:2, 530151:2, 530485:2, 530642:2, 531626:2, 532631:2, 532645:2, 533017:1 ESC: erg712686, erg712734, erg712748, erg712820)

Other Fixes

1. The Berkeley DB Library (db) package, version 4.1.25:
   1. Minor configuration changes were done while building the db library.
      (ID: 530735)

   2. The Documentation was moved from /usr/docs to /usr/share/db/doc/ and link was added to DocView.
      (ID: 530735)

2. The General Purpose Data Compression Library (zlib) package, version 1.2.3:
   1. SECURITY: [SCOSA-2005.33] zlib has been updated from version 1.2.1-01 to 1.2.3 to fix several security problems. --
      Please see the zlib website for the list of changes. http://www.zlib.net
      (ID: 532198:1, 532826 ESC: erg712898)

3. The OpenSSL (openssl) package, version 0.9.7i:
   1. SECURITY: OpenSSL has been updated from version 0.9.7d to 0.9.7i. --
      [SCOSA-2005.48] Please see the openssl website for the list of changes. http://www.openssl.org/
      (ID: 531858:1, 533160)

   2. The OpenSSL Documentation (openssld) package, version 0.9.7i, provides the updated documentation for the openssl package version 0.9.7i.

4. UW7.1.4 ide driver returns Undefined Symbol fs_clrioevent in loadable module --
   While prototyping, doGetHBA has been changed to force the user to first load the HBA's from the base OS CD and then give the options to load the TP HBAs. This ensures that the .extra.d/ tools are also copied properly.
   (ID: 530541:1 ESC: erg712766)

5. URK714:Filesystem missing from vfstab is not replicated --
   sliceinfo script has been changed to mount the slices having fs but not mounted to temporary mount points and hence replicated properly.
   (ID: 530568:1 ESC: erg712744)

6. Listing groups using the ScoAdmin Account Manager dumps core for certain sized group entries --
   Long entries in /etc/passwd, /etc/group, and /etc/shadow caused the listgrp function to dump core. This has been fixed.
   (ID: 531950:2 ESC: erg712834)

7. Provide updated MySQL package for UnixWare 7.1.4 MP CD --
   MySQL package now included in ISO image.
   (ID: 530657:1)

8. SCO Clusters license definitions --
   Added SCO Clusters licenses in the default product database.
   (ID: 533284:2)

9. Need PMAPI calls for user and cpu counts --
   This problem has been resolved.
   (ID: 532928:2)

Drivers

1. Intel e1008g Gigabit driver 2.7.5 reports "Speed/Dx:10/H" --
   This problem has been resolved.
   (ID: 517482:1)

2. Intel Centrino Wireless driver --
   ipw, Intel Centrino PRO/Wireless 2200BG NIC driver supported adapters: Intel PRO/Wireless 2200BG NIC (built in laptop)
   (ID: 531382:2)

3. Intel PRO/100 eeE8 version 3.0.2 driver --

   eeE8 3.0.2, Intel(R) PRO/100 supported adapters:
   
   ================== CardBus Adapters ============
   
    Intel PRO/100 CardBus II        MBLA3300
    Intel PRO/100 S Mobile Adapter  MBLA3300 C3
    Intel PRO/100 CardBus II        MBLA3400
   
    645477-xxx    PRO/10+ PCI                              PILA8500
    649439-xxx    PRO/10+ PCI                              PILA8520
    701738-xxx    Pro/100+ PCI Management Adapter          PILA8461
    668081-xxx    Pro/100+ PCI                             PILA8460
   
    721383-xxx    Pro/100+ PCI Management Adapter          PILA8460B
    741462-xxx    Pro/100+ PCI                             PILA8460BN
    748566-xxx    PRO/100 S Management                     PILA8460BUS
    748564-xxx    PRO/100 S Management                     PILA8464B
    742252-xxx    InBusiness(tm) 10/100 adapter            SA101TX
    351361-xxx    PRO/100 PCI                              PILA8465
    352509-xxx    EtherExpress(tm) PRO/100B PCI adapter    PILA8465B
   
    352433-xxx    PRO/100B PCI T4                          PILA8475B
    691334-xxx    PRO/100+ PCI Management  Adapter         PILA8900
    A80897-xxx    PRO/100 M Desktop                        PILA8460M
    751767-xxx    PRO/100 S Desktop                        PILA8460C3
   
    ================== Server Adapters ============
   
    714303-xxx   PRO/100+ Dual Port Server Adapter         PILA8472
    748565-xxx   PRO/100 S Server                          PILA8474B
    748568-xxx   Intel(c)PRO/100 S Server                  PILA8474BUS
    710550-xxx   PRO/100+ PCI Server Adapter               PILA8470
    729757-xxx   PRO/100+ Server Adapter                   PILA8470B
    A56831-xxx   PRO/100 S Dual Port Server Adapter        PILA8472C3
    752438-xxx   PRO/100 S Server                          PILA8470C3
    A28276-001   Intel(c) PRO/100+ Dual Port Server Adapter 61PMCA00
   
    82559 Fast Ethernet LOM with Alert on LAN
    PRO/100 S Mobile LAN on Motherboard
   
    PRO/100 VM Network Connection
    PRO/100 VE Network Connection
   
    HP NC1120 Ethernet NIC
    HP NC3120 Fast Ethernet NIC
    HP NC3121 Fast Ethernet NIC
    HP NC3122 Fast Ethernet NIC
    HP NC3123 Fast Ethernet NIC
    HP NC3131 Fast Ethernet NIC
    HP NC3132 Fast Ethernet NIC
    HP NC3133 Fast Ethernet NIC
    HP NC3134 Fast Ethernet NIC
    HP NC3135 Fast Ethernet Upgrade Module
    HP NC3160 Fast Ethernet NIC
    HP NC3162 Fast Ethernet NIC
    HP NC3163 Fast Ethernet NIC
    HP 10/100 TX PCI Intel WOL UTP Controller
   

   (ID: 532544:1)

4. Kernel panic during reboot in closef_l+83 -> spec_close+200 -> device_close+43. --
   Race condition in DLPI open and close causing memory corruption.
   (ID: 532230:2)

5. nics and nd packaging rework --
   The tcpdump binary, and the libpcap library and header files have been moved from the nd package to the nics package.
   (ID: 533124:2)

§9.4: Problems Fixed in Maintenance Pack 4:

Commands and Utilities

Development System

Drivers

Graphics

Kernel

Installation

Networking

Operating System

SCOAdmin

Security

Other Fixes

Commands and Utilities

1. ps command does not output cpu time correctly --
   The ps utility has changed its default format displayed for processes using at least an hour's worth of CPU time when POSIX2 is set in the environment. The format used in this case is now [DDD-]HH:MM:SS, where SS is seconds, MM is minutes and HH is hours, all shown with two digits; DDD is days and are displayed only when necessary. Otherwise, the CPU time for processes remains as it has been -- M:SS, where M is minutes, taking as many digits as necessary. (ID: 532903:1)

2. /sbin/emergency_disk incorrectly enumerates cdrecord device --
   Updated /sbin/emergency_disk to correctly set the cdrecord device scsibus for all cases. (ID: 533423:2)

3. hpnpIS.model does not retry if the printer reports a fault. This results in lost prints --
   Fixed the issue of lost prints for hpnpIS.model script. (ID: 530365:1)

4. pkgadd and pkgrm send e-mails without subject line --
   The mail message sent to the system administrator announcing the results of a pkgadd or pkgrm will now include a simple subject string of "pkgadd" or "pkgrm" and the name of the package being installed or removed. (ID: 529864:1)

5. pkgadd does not properly install some files --
   A package installation bug which sometimes occurred when attempting to replace a symbolic link with a regular file (where the installation would fail with an internal consistency error) has been fixed. (ID: 530818:1)

6. depend(4) incompatible dependency not working correctly --
   A bug has been repaired where a package was blocked from being installed when it was taken to match an existing installed package's depend(4) "incompatible" entry, even though the entry had an architecture or version (or both) which did not match the package attempting to be installed. (ID: 531552:1)

7. add -DTRR_HACK to 8.1.13 --
   The MP4 sendmail 8.1.13 includes a modification that causes /usr/lib/sendmail -C conffile invocations where conffile corresponds to the name of the sendmail binary to be processed with full privileges. (ID: 534887:1)

8. syslogd core dumps if syslog.conf contains spaces --
   Fixed core dump issue when TABs are replaced by spaces between facility:level and target in syslog.conf. (ID: 534059:2)

9. uadmin hangs system --
   Improvements to uadmin reduce delay during shutdown. (ID: 534484:2)

10. extended DST will require new timezone rules --
    The US Daylight Saving Time rules were changed in 2005 to come into effect in 2007. Now DST starts at 2am (local time) on the second Sunday of March, and ends at 2am on the first Sunday of November. (ID: 532758:2 SLS: ptf9052e)

11. Australia changes TZ rules --
    Western Australia has decided to reinstate Daylight Saving Time for a few years. This update to the compiled timezone files (in /etc/TZ) includes this change. (ID: 534117:1 SLS: ptf9052f)

12. Diff -h gives a core dump on certain ASCII files --
    "Memory fault (coredump)" may occur on a "half-hearted" diff command - "diff -h". Problem was an insufficient buffer size allocated for handling UTF-8 characters. This problem has been fixed. (ID: 515381:1)

13. The "file" command should be able to identify huge files (>2GB) --
    The file command has been modified to use specific 64-bit stat and open functions, allowing files greater that 2 gigabytes to be queried. (ID: 533973:1)

14. Xenix version 2.3 or 3.0 a.out not reported as "pre-SysV" --
    The file command now correctly reports "pre-SysV" for version 2.3 and 3.0 Microsoft Xenix a.out files. (ID: 534488:2)

15. Add context feature to grep matching the GNU version --
    grep and egrep now support a context window feature. With -C, they will by default display the two previous and two successive lines surrounding the line matching the regular expression. The window size can be adjusted from the default with -A num (how many lines after) and -B num (how many lines before). Disjoint matching context windows are separated by a "--" line. (ID: 533835:1)

16. /u95/bin/ksh memory leak --
    The newer Korn shell (ksh93) has been built so that it has a smaller memory footprint. (ID: 534721:1)

17. ksh has problems with high radix arithmetic --
    The Korn shell's handling of I/O for numeric variables with bases 49 through 64 has been repaired. The digits 'M', 'N', '', and '_' had been mishandled. (ID: 534835:1)

18. /usr/bin/login sometimes fails when trying to change to user's home directory. --
    Fixed a memory corruption problem in /usr/bin/login that caused it to fail when trying to change to the user's home directory. This problem only affected /usr/bin/login; it did not affect /usr/lib/iaf/login/scheme. (ID: 533920:2)

19. usemouse is sending extra "right button press" indication --
    Correctly process the mouse motion and button events. (ID: 534725:3)

20. ln -sf src dst where "dst" exists fails, where -f should make it work regardless --
    The ln utility was repaired so that the combination of the -s and -f options will cause the symbolic link to be created, even if the file already exists. (ID: 534091:1)

21. pkgmk fails when using '-c' and packaging a file like 'file$1name' --
    A problem existed, where, if pkgmk was invoked with the compress (-c) option, and the prototype file had a filename mentioned which had a '$' in it, the pkgmk would fail. This problem has been resolved. (ID: 534023:1)

22. Upgrade UnixWare sed so that it has "no" fixed limits --
    All fixed limits (buffer sizes, line lengths, and so on) have been removed from the sed utility. (ID: 533836:1)

23. vi does not work with large windows --
    The internal buffer sizes for vi have been substantially increased to permit handling of larger text window sizes and files with longer line lengths. (ID: 534881:1)

24. Update emergency_disk mkisofs and cdrecord options --
    Some /sbin/emergency_disk mkisofs and cdrecord options have been changed when writing to CD-R or -RW media: - Removed the mkisofs and cdrecord -v options to significantly reduce the /sbin/emergency_disk command output while still displaying a sufficient amount of output for debugging potential problems. - Changed the mkisofs -P option to -publisher to avoid warnings about its use. - Changed the mkisofs floppy-emulation boot option to no-emulation to eliminate the 2.88 MB cdrom boot image size limit. - Added the cdrecord -gracetime=2 option (the minimum) to reduce the pause before writing to the media. (ID: 534331:2)

25. Can't access USB tape drive using emergency recovery cdrom --
    Create USB tape drive device nodes when using the emergency recovery cdrom tape restore option. (ID: 534147:3)

Development System

26. "putenv()" deadlocks in multithreaded code --
    A potential deadlock for threaded programs calling putenv() or setenv() very early (before any dynamic memory allocation has occurred) has been eliminated. (ID: 534709:1)

27. Cast of C++ address constant to "long long" results in ICE or bad code. --
    The C++ compiler was fixed so that it neither generates bad code nor fails with an internal compiler error when casting an address constant to a 64-bit integer type. (ID: 534078:1)

28. C++ compiler assertion failure in automatic template instantiation --
    A C++ internal compiler error failure (an assertion in templates.c) has been fixed involving automatic template instantiation. (ID: 534213:2)

29. Spurious diagnostic on members of nested classes in unnamed namespace --
    When a member function of a nested class in an unnamed namespace was defined, the C++ compiler used to issue a warning that that function was defined but not referenced even though it was used by a member function of the enclosing class. (ID: 534214:2)

30. Incorrect clean-up of EH object - ptr to class --
    When the type of a thrown C++ exception was of type "pointer to class", the C++ runtime exception handling was incorrectly attempting to call the destructor of the class pointed to upon completion of the exception "catch" handler. This runtime bug has been fixed. (ID: 534238:1)

31. Using declaration error - too strict interpretation of C++ standard --
    Member using-declarations must refer to declarations that are visible in a direct base class. The C++ compiler used to interpret this rule too strictly when the using-declaration refers to an overloaded function that is made visible in a direct base class through another using-declaration. This is now fixed. (ID: 534675:1)

32. UW714 MP3 C++ code generation defaulting to SIGNED bit fields --
    Code generation fixes in MP3 has caused the C++ compiler to treat "plain" bit-fields as signed bit-fields. This is contrary to past practice and the SVR5 (UDK) ABI. This fix is to restore previous and expected behavior. Problem originally corrected in ptf9052d or later. Should C++ developers actually want "plain" bit-fields to be treated as "signed" bit-fields, a new C++ option has been added to allow this. The new option is "-Wf,--signed_bit_fields" on the CC command line. (ID: 533962:1 SLS: ptf9052d)

33. C++ decrement of char bit-fields result in invalid assembly instruction and register combo --
    An assembly syntax error generated for a C++ prefix or postfix decrement of an "unsigned char" bit-field has been corrected. (ID: 533998:1)

34. RTTI symbols must be available at runtime for OpenOffice port to SCO Unix --
    In support of a port of Open Office 2.x, the C++ compiler now treats RunTime Type Information (RTTI) symbols as global, weak symbols. This allows the Open Office native C++ to UNO bridge to locate and use C++ generated RTTI info when converting UNO exceptions into native C++ exceptions. (ID: 534208:2)

35. Assembler error: part of large C++ template function name read as an opcode --
    An insufficient buffer to contain very, very large mangled template function names in the C++ exception handling range table post code generation processing has been resolved. (ID: 534249:2)

36. Postfix addition executed twice when used as index in arg to strcpy() --
    A C++ code generation bug where a prefix or postfix operator expression used as an index may be executed twice has been fixed. Incorrect code was limited to cases where the expression was part of an argument to a "single statement" inline function and that argument was used multiple times in that single statement. The problem could also manifest itself if the function was one of the known C standard functions that the compiler may be able to treat as an inline function. (ID: 534437:2 SLS: ptf9052h)

37. Invalid code when field operator used directly with function call returning a class or struct --
    A C++ internal compiler error or invalid code generation could occur for an expression that dereferenced a member (type pointer) of the result of a call to a function returning a struct, union or class. This was not a problem with a constructor, or function returning reference or pointer to a struct or class.

       struct A func_returning_struct ();
    
            func_returning_struct().ptr -> other_field; 
    

    This problem has been fixed. (ID: 534445:1 SLS: ptf9052h)

38. ::wctrans() undefined when _XOPEN_SOURCE is defined --
    If _XOPEN_SOURCE is defined, the C wctrans() function is not available. The C++ header file cwctype has been updated to abide by that restriction. (ID: 533723:2)

39. Definition of template class const_mem_fun1_t<> incorrect in header "CC/functional" --
    The template function prototype for const_mem_fun1_t() was corrected; "const" qualifier added to the first argument. (ID: 533785:1)

40. Assembler syntax error on C++ inline function - when optimized --
    When removing register(s) containing a known zero value from base or base/indexing addresses, the assembly code optimizer has been fixed to replace an implicit zero displacement with an explicit zero displacement to maintain acceptable assembly operand syntax. (ID: 534166:2)

41. Conversion to floating from [unsigned] long long in cplusfe is broken --
    Compile time constant conversion involving the cast of a long long integer constant to a floating point was incorrectly truncating the integer value to a 32-bit value before conversion. (ID: 533617:2)

42. ICE: Internal Compiler Error - Open Office 2.0.3 port --
    An internal compiler error (ICE) in the C++ compiler detected when porting Open Office 2.0.x has been corrected. The ICE occurred when initializing a large, complex static const array needing runtime results from template functions. (ID: 534043:2 SLS: ptf9052d)

43. Misused intrinsic APIs generate lame diagnostic --
    At times brief compilation tests are performed by configure scripts and the like which produce executables which are never intended to be run. As such they may try to "get away" with incomplete calls, such as the following for memset:

    int main(void){return memset();}
    

    Unfortunately this would result in strange diagnostics like "no actual for asm formal: y". This fix changes the compiler so that it will not issue such complaints unless the ASM function code is actually present in the compilation unit. (ID: 534158:1)

44. Compiler should warn about unusual _Bool bit field sizes --
    The C compiler is updated to warn when it sees the declaration of a boolean bit-field with a width of more than one bit. (ID: 534130:1)

45. Dropped padding in automatic aggregate initialization --
    In certain initializations of automatic (stack) aggregates, the C compiler (prior to this fix) would leave insufficient space for the part to be filled in at runtime. (ID: 534212:1)

46. Problems found running PlumHall test suite --
    For strict C90 conformance, when compiling -Xc mode the C compiler will take a //* character sequence as being a division operator followed by the start of a comment instead of being just the start of a //-style comment. It will warn when doing so as this is a change in behavior, albeit a very minor, dusty corner case. Also, the simplest style of compound literal, like (int){2} was broken by a recent repair. This problem has been corrected. (ID: 534226:1)

47. Assembly optimizer erroneously deleting some 3 operand SHLDL instrs --
    A bug in the assembly language code peep-hole optimizer, where a three operand SHLDL instruction may be removed erroneously, has been fixed. (ID: 534233:2)

48. cc/CC should automatically pass -$ to acomp for .S file preprocessing --
    The cc and CC commands now preprocess .S files so that a $ is a valid identifier character, as it is commonly used as such in assembly code. (ID: 534092:1)

49. Buffer overflow - instruction line - symbolic info and C++ template functions --
    The disassembler (dis) may encounter a local buffer overflow when adding symbolic information (-s option) to local branch instructions if the the C++ template function signature is very long. This can occur with a large number of arguments of template class types. The problem has been fixed. (ID: 534579:2)

50. ld can overlay hidden objects in bss when creating relocatable object file --
    If ld was used to create an object file from a collection of other object files, some of which included uninitialized static storage (BSS), and name visibility (-B hide or -B export) is applied, then (prior to this fix) some of these BSS symbols could end up assigned improper addresses. (ID: 533672:1 SLS: ptf9052b)

51. application dumps core with ptf9052 linker --
    Fixed a problem introduced in ptf9052b which caused ld to allocate and assign improper addresses to some uninitialized static data (BSS) variables when building shared libraries and using name visibility control (-B hide or -B export). (ID: 534100:2)

52. nm - nullptr dereference on many C++ object files --
    This fixes a null pointer access bug present when nm was used on ELF files with STV_EXPORTED symbol visibility present. (ID: 534167:1)

53. SVR5 curses unable to draw vertical or horizontal lines on ansi VT screen --
    The SVR5 ABI hline() and vline() curses APIs were fixed so that they use the line-drawing characters on ANSI screens. (ID: 534175:2)

54. optim bug causes driver panic --
    A bug in the assembly code optimizer logic was corrected where it eliminated certain register-to-register MOV instructions erroneously believed to be redundant, resulting in the loss of a CSE (common subexpression) value in a register. (ID: 533819:2)

55. Loop unrolling breaks updated sed's ycomp() --
    The assembler peep-hole optimizer (/usr/ccs/lib/optim) may, on rare occasions, incorrectly remove the "testl" instruction on a loop where the loop-variable is progressing to zero and a previous optimization replaced the decrement (DECL) instruction with an equivalent instruction that does not affect the condition codes. This problem has been corrected. (ID: 533839:1)

56. Optim malloc loop exhausts memory --
    A memory allocation logic problem which could result in the exhaustion of available memory has been fixed in the assembly peep-hole optimizer. (ID: 534250:2)

57. Special symbol __libC_init for RRTLD is not visible in libC.so.1 --
    The special symbol to denote that libc.so.1 is one of the system libraries where the initialization order is important was not properly exported. An updated libC.so.1 runtime is provided for both the SVR5 and OSR5 ABIs (ID: 534205:1)

58. Missing API - madvise() implied in sys/mman.h --
    To aid in porting open source code, the UnixWare C library now contains madvise() and posix_madvise() APIs. (ID: 533578:1)

59. Missing NSS modules routinely reported in syslog --
    The NSS switching code in the C library will no longer log system diagnostic warnings when an NSS module does not exist in the /usr/lib/nss directory. (ID: 533825:1)

60. wcsrtombs(NULL,...) with bogus code value other than first seg faults --
    A bug was fixed where if wcsrtombs() was asked to compute the length needed to hold a wide character string (a null pointer is given as the destination) and the incoming multibyte string contains an invalid code somewhere other than at the string start, a segmentation fault would result when it attempted to write using the null pointer. (ID: 534135:1)

61. nsdispatch() fails to clear "unreg" member for nonexistent modules --
    A bug was fixed in the C library in which a segmentation fault could occur within NSS processing, but only when a /etc/nsswitch.conf file exists and is later modified. The only known program affected was /usr/lib/saf/ttymon. (ID: 534239:1 SLS: ptf9052h)

62. NSS issues --
    The NSS switching code in the C library was modified so that it will no longer log system diagnostic messages for missing "initgroups" APIs, nor will it fail to walk through all the available database entries when using the getXXent() or getXXent_r() routines. (ID: 534276:1 SLS: ptf9052h)

63. strftime() on OSR has %s extension, UW should match it --
    For compatibility with OpenServer, the SVR5 strftime() routine now supports %s, for "seconds since the Epoch". (ID: 534396:1)

64. Enable optional RTLD features for cross GWXLIBS build --
    The dynamic linker, also known as RTLD, has been extended to support the following features:
    1. The environment variables LD_PRELOAD and LD_INSERT used to specify additional shared libraries to be loaded into processes.
    2. The environment variable LD_ROOT used to prefix the start of full pathnames when looking for shared libraries.
    3. The control file /etc/default/rtld which can be used to provide values for LD_LIBRARY_PATH and other environment variables (other than the LD_TRACE... ones) which will NOT be skipped for setuid-on-execution processes. Note that the /etc/default/rtld variable names do not include the LD_ prefix. (ID: 534109:1)

65. UW714 MP3 ld not handling g++ static array initialization stubs in RT .fini & .init --
    Cause ld *not* to create text relocations for the special "init" and "fini" array symbols referenced from the crti.o object file. In practice, neither cc nor CC will currently generate any code which uses this feature, but someday they might (or other compilers might). Text relocations generally are "just" a mild performance hit as they require temporarily changing the read-only text segment to be made writable to perform the relocations, but when these binaries are used on OSR5, they can have a more unfortunate effect of causing them to fail at startup as sometimes the OSR5 kernel refuses to permit such temporary permission changes. (ID: 533638:1)

66. Add shell-style patterns to lists of symbols in ld --
    The ld command is enhanced to take shell-style patterns as well as regular symbol names in all of the various -B options. For each one that accepts a "list" or "symfile", one can now cover all symbol names that match the list of symbol name patterns. (ID: 534216:1)

67. /usr/bin/javaexec updated to support J2SE 5.0. --
    The /usr/bin/javaexec command, used by the kernel to control Java VM invocation for first-class executables, has been updated to handle J2SE 5.0 Java classes. (ID: 534029:1 SLS: ptf9052d)

68. Update mcs to generate correct binaries --
    The strip and mcs ELF (object file) utilities have been updated to take into account the presence of the gABI grouping feature. See SHT_GROUP and SHT_SYMTAB_SHYNDX which are found in the elf.h header. (ID: 533854:3)

69. OSR5 applications running on UW7 use more file descriptors than when running on OSR5 --
    Allow MAP_ANONYMOUS for all processes, including those running OSR5-ABI programs, in order to eliminate extra opens of /dev/zero by the runtime linker, thereby keeping file descriptor usage by OSR5-ABI programs running on UW7 similar to the usage when running on OSR5. (ID: 534174:3)

Drivers

70. System hangs in asyc driver on UW714MP3 --
    Eliminate system hangs that can occur when serial lines are in use. (ID: 534127:2)

71. Cannot idbuild a new kernel after upgrade to uw714mp3 --
    A bug introduced in MP3 was repaired which sometimes caused the kernel to fail to be able to be rebuilt after a driver change. As part of the changes, the following now occurs:
    • The standard error output of idinstall is put in a log file, and
    • The log files are kept in the regular /var/sadm/install/logs directory.

    NOTE: MP3 was re-released in May, 2006 to fix this one bug.

    (ID: 533587:1)

72. Process Intel's e1008g 9.2.6 NIC handoff --
    The Intel e1008g NIC driver has been updated to version 9.2.6. (ID: 534141:2)

73. Reset doesn't work on Legacy free BIOSes --
    Fixed soft reboot on some servers with a legacy free BIOS. (ID: 533504:2 SLS: ptf9052)

74. Combined IDE mode does not work on HP servers --
    Added full support for Intel ide ICH Enhanced and Compatibility Mode. (ID: 533413:3 SLS: ptf9052)

75. Iomega Rev changer not recognized correctly by USB --
    Recognize Iomega REV changer by not caching INQ across LUNS. The USB stack now recognizes the changer component of the REV 280 and REV 560 autoloaders. (ID: 534075:1)

76. Incorrect mode for USB printers --
    An issue was addressed, where cups may not work properly with USB printers. This was caused by incorrect permissions on the /dev/usblp-* and /dev/usb_prnt* nodes. The permissions have been changed to root as owner, lp as group, and with mode 0660 to work properly with cups. This correction has also been reflected in a new version of the udisetup program. (ID: 534563:1)

77. usbprobe command is not installed --
    A usbprobe command has been added to help identify USB devices. (ID: 534038:1)

Graphics

78. Japanese input method issue --
    A bug was repaired that occurred when Japanese characters in dtterm windows were erroneously displayed after the window was resized. Prior to this fix, the user needed to press the enter key to correct the displayed characters. (ID: 531471:2 ESC: erg712806)

79. kinput2 crashes under certain circumstances --
    In some situations when using the kinput2 input method, some applications like Mozilla could cause kinput2 to die when a pop-up window was present and had focus but another window was to be used. kinput2 has been repaired so that it appropriately changes the graphical focus in such circumstances so that it no longer dies. (ID: 532284:2 ESC: erg712847)

80. Japanese Input method sometimes does not receive control characters --
    A bug was repaired in which the kinput2 Japanese input method sometimes would mistakenly fail to receive control characters typed for it. (ID: 533547:2)

81. Application using Japanese Input Method crashes under certain circumstances --
    At times applications using the kinput2 Japanese input method would die with an internal fault due to a mistake in the event handling code within the input method. The error has now been fixed. (ID: 533547:3)

82. Japanese kinput2 Input Method exits when input window is explicitly closed --
    Applications using the kinput2 Japanese input method could suffer premature shutdown when a transient window was closed other than through keyboard input. This problem has been fixed. (ID: 533547:4)

83. Added new resource to control Input Method status line display --
    A StatusLineBC resource has been added to the Motif library to make it possible to have the input method's status line displayed only when activated (such as after typing shift-space when using the kinput2 Japanese input method) and disappears again when not active. (ID: 533991:1)

84. Cannot display Japanese character if text color is changed --
    A bug was repaired in the kinput Japanese input method where after a color change, both the fore- and background colors of text where changed, causing the text to become unreadable. (ID: 532242:2 ESC: erg712844)

85. libXm.so.1.3 - List.c - not redrawing list when valid mouse wheel scroll --
    The Motif (1.3) library was updated to support scrollable list adjustment by using the mouse scroll wheel. This specifically makes such available for Java. (ID: 533978:3)

Kernel

86. Increase clock frequency to allow fine-grain user control for multimedia apps. --
    The clock interrupt frequency is now configurable using a new boot parameter KHZ. KHZ can be set to be 100 (the default, for full compatibility) meaning 100 clock ticks per second, 200, 500, 1000, or 2000. Outside the kernel, only the setitimer() system call is affected by changing the KHZ setting. By setting KHZ to a higher value, setitimer() will present a finer granularity, providing help to those applications, such as multimedia ones, that can make use of such. (ID: 533870:1 SLS: ptf9052e)

87. Hot removal of devices may panic kernel in certain circumstances. --
    Fix problems that may cause a kernel panic after hot removal of a USB device. (ID: 533714:2)

88. Set default clock tick value to 100 rather than 1000 --
    Ensure that the compatible value of 100 for the new boot parameter KHZ is what is used by default. (ID: 534165:1 SLS: ptf9052g)

89. Some platforms may lock up when hyperthreading or multicore support is enabled. --
    1. Add support for "hybrid" ACPI/MPS system initialization, required on some platforms when hyperthreading or multicore support is enabled. Hybrid ACPI/MPS system initialization takes processor information from ACPI BIOS tables and all other platform information from MPS BIOS tables.

    Specifying "ACPI=X" in /stand/boot or at the interactive boot prompt enables hybrid ACPI/MPS initialization when hyperthreading or multicore support is also enabled. Hybrid ACPI/MPS initialization should be enabled only if the default full-ACPI based initialization fails.

    2. Implement dynamic PCI interrupt assignment to fix interrupt related problems seen on some platforms when hyperthreading, multicore, and/or ACPI are enabled. Observed problems included excess interrupt activity, poor device response, and device timeouts.

    3. Allow override of kernel algorithms for sorting the processors listed in ACPI BIOS tables through the use of the new LAPIC_SORT parameter. This is necessary on some platforms to ensure that all logical processors can be used even if the ACPIS BIOS tables does not list them in the proper order.

    Specifying "LAPIC_SORT=Y" in /stand/boot or at the interactive boot prompt will cause the kernel to reorder the processors listed in the ACPI BIOS tables; "LAPIC_SORT=N" disables that reordering. If LAPIC_SORT is unspecified, then the kernel uses its own internal algorithm to determine whether to reorder the processors listed in the tables. (ID: 533926:2 SLS: ptf9052d)

90. increase default thread stack size --
    The default thread stack size was increased from 16k to 64k, the better to match common expectations of open source code. (ID: 534663:1)

91. libthread setcontext() garbles signal (blocking) mask if mask was not to be restored --
    A libthread bug has been repaired, in which it caused the signal mask inappropriately to be changed to block most signals when a thread used sigsetjmp()/siglongjmp() and had requested that the signal mask NOT be saved. (ID: 534701:1)

92. System panics in VxFS code. --
    A VXFS-related kernel panic was fixed. (ID: 534067:3)

93. Add AGP GART support --
    Add AGP GART support in the kernel. (ID: 534017:1)

94. Panic occur if I use 640MB MO disk as dosfs filesystem --
    Panic on dosfs filesystem for 640MB MO disk drive has been fixed. (ID: 534171:2)

95. Application fails to open more than 60-70 files for ISAM --
    An kernel error was repaired in handling the OSR5 ABI sem/msg/shm system call families in which an EOVERFLOW error was returned instead of processing the request. (ID: 534061:3)

96. panic in put from strdaemon --
    A race condition bug that could cause a kernel panic has been repaired. The race was between a TCP endpoint being simultaneously closed and aborted. (ID: 534173:3)

97. Processor cores not enabled on some platforms --
    Fixed three problems related to multicore and hyperthread support:

    1. The OS sometimes failed to recognize some processor cores because of mishandling of the LAPIC_SORT boot parameter. Previously, the LAPIC_SORT boot parameter erroneously defaulted to NO and setting it to YES has no effect; it now defaults to YES.

    2. The number of available processor cores may be cut in half on systems on which the processor supports hyperthreading but on which the BIOS has hyperthreading disabled.

    3. An error in the processor licensing check could prevent some processor cores from coming online even when the system had the requisite processor licensing. (ID: 534338:3)

98. condition in the unixware kernel where a null pointer is dereferenced and a function pointer is call --
    A kernel bug was repaired in which a null pointer can be dereferenced due to mishandling of an mmap() system call error case. (ID: 534346:2)

Installation

99. System console is sometimes non-functional after first reboot --
    A kernel bug was repaired in which a file that should have been a "named pipe" is instead taken to be a character device.

    This very unusual situation only occurred when an inode number was first used for /dev/udp or /dev/tcp, then deleted, and then reused for a named pipe. (ID: 533770:4 SLS: ptf9052c)

100. installsrv doesn't handle /upd.additions packages in datastream format --
     Updated /usr/sbin/installsrv to handle installation cdrom /upd.additions packages in datastream format in addition to filesystem format. (ID: 533771:1)

101. Some platforms may panic if 5 option cards are installed. --
     Eliminated a NULL pointer dereference in a low-level kernel-to-BIOS interface routine that resulted in kernel panics under certain conditions, including when five or more option cards were installed on some platforms. (ID: 534773:2)

102. pam_mkhomedir added to ptf9052g for UnixWare 7.1.4 Samba Supplement --
     The pam_mkhomedir module enables an administrator to create a user's home directory the first time they log into a particular system. This is useful with a centrally administered user database (IE: LDAP). It obviates the need for a distributed file system, or manually creating local home directories for users that may never actually use them. (ID: 534014:3 SLS: ptf9052g)

103. Add modjk to UnixWare 7.1.4 MP CD and remove modjk1 --
     UnixWare 7.1.4 MP4 provides the modjk package for the first time. modjk replaces the earlier modjk1, "mod_jk2 for Apache 1," package. The modjk1 package (version 2.0.4) was introduced in UnixWare 7.1.4 MP1 and provided in UnixWare 7.1.4 MP2 and MP3. If you select to install the modjk package, install.sh (when invoked without options) prompts whether to remove modjk1 or to skip installing modjk. (ID: 534712:1)

104. MP Install: Move install.sh Mozilla prompt to up-front interview instead of midway through install --
     install.sh is updated to do all prompting upfront instead of providing a Mozilla prompt halfway through the MP pkgadd install process. (ID: 534713:1)

105. install.sh did not display some package long names --
     Previously the UnixWare 7.1.4 MP install.sh script replaced greater than 47 characters package long names with the package short name. Now install.sh displays the first 43 characters followed by " ...". (ID: 534714:1)

106. uw714mp[34] install.sh pkg installs fail if original 7.1.4 install did not install prereqs --
     install.sh now checks whether the inet, jpeg, urwfonts, glib, gtk, or libIDL from the original UnixWare 7.1.4 media is needed for your package selection but are not installed. If so, you can select to have install.sh install the missing prerequisite.

     Note: These prerequisite packages are always installed by ISL and should not be pkgrm. If you pkgrm any of these packages then you may encounter MP4 pkgadd failures due to missing prerequisites:

                acp             base            ed              els
                expect          fmli            libC            libc
                libm            libosr          libthread       ls
                modem           mouse           netmgt          nsu
                openssh         openssl         openssld        perl5
                scoadmin        syshead         tclrun          terminf
                uccs            udidk           udienv          usb
                vtclrun         zlib            update714
     

     (ID: 534715:1)

107. uw714mp4 install.sh enhancements --
     The UnixWare 7.1.4 MP install.sh script was enhanced to handle a plethora of installation permutation options. Among the changes are:

     1. More consistent per-package menu screens (e.g., Mozilla 1.2.x upgrade screen).

     2. A screen offering the user the option to skip the package selection screens (default values are used). Per-package prompts are still displayed.

     3. Fully installed packages are not displayed on the installation selection screens. This makes it clear which packages are available on the UnixWare 7.1.4 MP CD that you may want to install. (You can stiill use install.sh to overlay the current version of a package on top of itself. Simply run "install.sh pkgname".)

     4. install.sh's concluding status message now shows SKIPPED (not offered for installation since this or an earlier version is already installed) packages before the just installed packages and any package installation failures. This helps ensure that the installed package list does not scroll off your screen.

     5. The mpdoc package is only selected for installation if the current version is not already on the system. Previously the package was always selected resulting in unneeded reinstallations. (ID: 534817:1)

108. Additional uw714mp* install.sh performance, usability, and edge case handling improvements --
     

     1. In general noninteractive MP4 installs (install.sh -n) are discouraged. This option is intended for replicated servers where an interactive install was first done on a test server. To avoid accidentally using the -n option, a message is displayed and the user is given a short period of time (15 - 20 seconds) to abort the installation.

     2. If a 1.2.x version of Mozilla is installed, install.sh in interactive mode asks if it can be removed (if you answer no then the new Mozilla version is not installed). In non-interactive mode the old version is removed and the new version is installed.

     3. If the deprecated modjk1 is installed then, by default, install.sh selects modjk. In interactive mode you are prompted whether to keep the old modjk1 or upgrade to the new modjk. In non-interactive mode the old modjk1 is removed and the new modjk is installed.

     4. In interactive mode a new menu screen is displayed asking if you want to review and/or change the default package selection. The package selection screens are then displayed only if you request this at the initial prompt. (ID: 534841:1)

Networking

109. system panic at dlpi_send_iocack+d --
     A panic condition fixed in dlpi module. (ID: 532999:3 ESC: erg712943)

110. rx stats (mac_no_resource) get reported as tx (netstat oerrors) --
     The transmit errors were incorrectly reported as receive errors and vice versa for several media types. (ID: 533656:1)

111. ftp daemon does not allow site umask commands --
     Fixed the ftp daemon so that SITE commands other than LANG (such as umask) will work again. (ID: 534179:1)

112. arp bug with MAC address changes for IP sharing dual port NICS --
     A bug was repaired in which ARP messages were not printed correctly when the MAC address of an existing arp entry was changed. (ID: 533779:1)

113. linux NIS slave cannot login NIS users with passwords > 8 characters from UW714 master --
     The PAM (Pluggable Authentication Method) module for regular password authentication for NIS users has been fixed to do encryption compatible with UnixWare's behavior prior to PAM's introduction. (ID: 534027:1)

114. accept() doesn't handle O_NONBLOCK correctly --
     A bug in the kernel was repaired so that poll()/select() now behave according to The Open Group specifications when the socket is listening and nonblocking. (ID: 533560:2)

115. Extra defines needed in in6_f.h --
     Add additional defines referencing 16-bit and 32-bit equivalent of IPv6 address to allow build of open source modules. (ID: 534541:1)

116. accept() does not set sockaddr's sa_family field to AF_UNIX --
     Set length and family in the return address of the accept system call for UNIX domain sockets. (ID: 534555:1)

117. Add IGMPv3 support --
     Preparatory changes for IGMPv3 in future release. (ID: 534129:1)

118. Send an ACK if many small-packet size data are received --
     Send an ACK if all queued data consisting of very small packet size is processed regardless of whether delay-ACK is enabled. (ID: 518838:4)

119. Kernel panic in tcplrput() function --
     A kernel bug that could cause a panic was repaired which occurred when prematurely reusing TCP minor numbers when a connection was simultaneously being shutdown. (ID: 534203:3)

120. small final segment TCP packets are not processed correctly --
     Avoid miscalculating checksum for the last segment in a multi-segment transfer when it is less than 8 bytes. (ID: 534293:4)

121. in.dhcpc has the word "rejected" misspelled twice as rejected. --
     Fix typos in log output from in.dhcpc. (ID: 510601:1)

122. Enable distribution of shadow entries via NIS --
     Added NSS and NIS-ized support for "shadow" database and its associated APIs. (ID: 533730:2)

123. dlpid does not failover to chain of NICs, nor share backups, mismatching our doc --
     Following new features are added/updated related to failback/failover of NICs -
     - A NIC can be configured as the backup of one or more than one NICs.
     - Backup of a backup NIC can be configured.
     - Protocol Information of a backup device can be viewed.
     - The main tree gives more backup NICs info.
     - Updated for features - "Switch to backup" & "Revert to primary".
     - Updated for removing primary/backup devices. (ID: 529245:6)

124. Receipt of improperly formed LLC XID packets and TEST frames may cause memory leaks. --
     Fixed a bug in the dlpi driver to prevent streams memory leaks that could occur when improperly formed LLC XID packets were received from some routers, and a similar bug caused by receipt of improperly formed LLC test frames. (ID: 533862:3)

125. Update SendMail --
     Sendmail has been updated to version 8.13.8. (ID: 534095:2)

126. setacl and getacl commands obtain user and group information from local files only, --
     Enable setacl and getacl to access user and group information from sources other than /etc/passwd and /etc/group. For example, if NIS is enabled, setacl and getacl will recognize user and group names provided by the NIS server, even if such names are not locally defined. (ID: 533532:1)

127. "ps -f" does not convert numerical UIDs to NIS user names --
     For a system set up with reasonably dynamic user accounts (such as NIS), the cached UID-to-login name mapping saved by the ps command could end up without displaying a login name for a newish UID. ps has been changed so that it will now regenerate its mapping information when it finds that what it has cached is out-of-date. (ID: 533533:1)

128. bug in /usr/lib/ns.so.1 causes program to core dump --
     Threaded programs that call some getXXent APIs but not ones from *both* passwd and group will no longer core dump due to a segmentation fault in /usr/lib/ns.so.1, the dynamic shared library which provides NIS-based passwd and group lookups. (ID: 533620:2 SLS: ptf9052)

129. netstat -ian does not show the correct number of multicast addresses --
     The kernel was updated to provide for larger valued number of multicast addresses for netstat to display. (ID: 533900:3)

Operating System

130. Enhanced sysconf to determine the number of physical CPUs --
     A new parameter _SC_NPROCESSORS_PHYS is added to sysconf(3C) to return the number of physical CPUs. (ID: 533461:1 SLS: ptf9052)

131. include latest sysinfo updates in next MP release --
     The sysinfo utility was updated to collect additional information, including ODM, ReliantHA, SCO Office, and Hipcheck optional services information. (ID: 534247:1)

132. Australia has changed its switch from DST this year and we need to cater for it --
     The timezone database was updated to include all the recent changes in various countries, including the US and Australia. (ID: 533648:2 SLS: ptf9053 version a)

133. Australia/New Zealand timezone rules need to be updated --
     The compiled timezone files (under /etc/TZ) have been updated to match the rules as of the end of March 2008. This includes the latest Australia and New Zealand changes. (ID: 534795:1)

134. Port libreadline 5.1 --
     readline 5.1 is provided in readline package. (ID: 533996:1)

135. No longer enforce licensed number of CPUs --
     Updated the licensing daemon /etc/sco_pmd to no longer enforce a limit on the number of CPUs. (ID: 534688:1)

136. manage_sendmail does not restart /usr/lib/sendmail --
     The /etc/mail/manage_sendmail utility now correctly stops and restarts sendmail after (re)generating the configuration file. (ID: 534844:1)

137. Port cups-1.3.3 --
     UnixWare 7.1.4 MP4 updates CUPS to version 1.3.3. Prior UnixWare 7.1.4 releases provided variations of version 1.1.19. (ID: 534544:1)

138. lpnet hang when printing to Microsoft XP BSD server (jsb multiview) --
     Some memset calls fixed in lpNet. (ID: 533649:2)

139. Account locking feature not working on MP3 with ptf9052g installed --
     The previously disfunctional -l option to passwd (lock the account) has been repaired. (ID: 534181:1)

140. chmod 444 /etc/openldap/ldap.conf to avoid NSS_LDAP module assertion failure --
     Fixed /etc/openldap/ldap.conf.default to be world readable, so that the actual LDAP configuration file ldap.conf, will be world readable as well. (ID: 534411:2)

141. **panic in vx_ifree_scan_list --
     Fixed a race between FS unmounting/deletion and the inode freelist scan routine. This race leads to an inode being removed "twice" from the freelist, thus, causing panic. (ID: 533024:3 ESC: erg712951)

142. Uninitialized variable in dialpass module generates SIGSEGV, causing login failures --
     Fixed an uninitialized variable in the PAM dialpass module (/usr/lib/security/pam_dialpass.so) that could cause authentication failures and/or core dumps when trying to access a service configured to use dialpass for authentication. (ID: 534093:1 SLS: ptf9052f p534093)

143. pam_unix module free()s live data --
     The PAM unix module pam_acct_mgmt() routine could end up freeing part of a live data structure potentially causing later misbehavior in processes using PAM. (ID: 534267:1 SLS: ptf9052h)

144. USB/EHCI performance unnecessarily constrained --
     The performance of high speed USB (EHCI) devices has been significantly improved. (ID: 534090:1)

145. Add SCOoffice Server 4.2 licensing definitions --
     Added the SCOoffice Server 4.2 base and user bump definitions for the scoadmin License Manager. (ID: 534194:2)

146. drv_callback does not handle NMI --
     Provide correct routing of non-maskable interrupts (NMIs) when hyperthreading, multicore, and/or ACPI are enabled. (ID: 533969:2 SLS: ptf9052d)

147. mount command can hang on trying to mount a cdrom with no media inserted --
     Fixed an occasional hang of the mount command when trying to mount a cdrom with no media inserted. (ID: 534420:2)

148. lock error in adst70 driver causes panic under kstuff kernel --
     Fixed lock hierarchy violation issues in adst70 and adpu320 driver. (ID: 534036:3)

149. Enhance USB code to handle hardware stalls --
     The kernel's USB support code has been enhanced to better deal with certain hardware which inappropriately (according to the USB specification) stalls in configuration cycles. The support code will now retry a few times when it believes it has detected this situation, which appears to be good enough to work around these hardware failings. (ID: 532626:3)

150. Temporary keyboard lockup immediately after VT switch or num lock/caps lock/scroll lock --
     Modified the system behavior so that, by default, it will attempt to determine at runtime whether or not an 8042 keyboard/mouse controller is present, rather than assume one is present. Autodetection of the 8042 improves system response on platforms which lack an 8042 controller, and in particular, avoids temporary keyboard lockups that can occur on such platforms immediately after certain keyboard operations such as VT-switches or pressing the Caps Lock key. The system's treatment of the 8042 controller can be modified by changing the value of the variable i8042_detection in /etc/conf/pack.d/ws/space.c and then rebuilding and rebooting the kernel. If i8042_detection is initialized to 1, which is the default, then the operating system detects the presence or absence of an 8042 controller at runtime. If i8042_detection is initialized to 0, then the system bypasses the runtime detection and always acts as if an 8042 controller is present. If i8042_detection is initialized to -1, then the system bypasses the runtime detection and always acts as if an 8042 controller is not present. (ID: 534034:2 SLS: ptf9052d)

151. replacing the mirror root disk using vxdiskadm broken --
     Fixed replacement of failed disk in mirrored setup issue for Vertias Volume Manger(VxVM). (ID: 533912:2)

SCOAdmin

152. scoadmin account & SCOoffice 4.2 install hang when AFPS & Samba both installed --
     A hang was fixed in the scoadmin account manager object service agent (OSA) that occurs when the UnixWare 7.1.4 MP3 Samba Supplement (or Samba included with UnixWare 7.1.4 MP4) is installed on a system with SCO Advanced File and Print Server previously installed. (ID: 534786:1)

Security

153. SECURITY: BIND 9: cryptographically weak query ids --
     BIND was upgraded to version 9.4.2. The upgrade removes dnssec-signkey and dnssec-makekeyset commands. (ID: 534372:2)

154. SECURITY: SCO UnixWare pkgadd Directory Traversal Vulnerability - CVE-2008-0310 --
     A security vulnerability with the UnixWare pkgadd utility was repaired. (ID: 534589:3)

155. SECURITY: CVE-2006-1173 sendmail DenialOfService security problem --
     Sendmail could allow a remote attacker to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. (CVE-2006-1173) (ID: 534042:2)

156. SECURITY- "/bin/su" takes password from stdin --
     The su and passwd utilities have returned to using /dev/tty as the input source for reading password strings in the event that standard input isn't a TTY. (ID: 534132:1)

157. SECURITY: X.Org X server <= X11R6.8.2 arbitrary code execution --
     Multiple X Window System server applications share code that may contain a flaw in the memory allocation for large pixmaps. The affected products include the X.Org X server applications.

     An integer overflow condition may result in a memory allocation request returning an allocated region that is incorrectly sized. The client may then be able to use the XDrawPoint() and XGetImage() functions to read and write to arbitrary locations in the X server's address space.

     A malicious local authenticated attacker may be able to execute arbitrary code with the privileges of the X server.

     The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue.

     The X server was updated to a repaired version. (ID: 532989:2 ESC: erg712937)

158. SECURITY: iDEFENSE [IDEF10098] Setuid ptrace Local Privilege Escalation Vulnerability --
     A bug in which the ptrace() system call could be used to gain root privilege has been repaired. (ID: 533176:3)

159. SECURITY: libpng denial of service vulnerability --
     Fixed possible Denial of Service attack for malformed (bad CRC) gray scale PNG image. (ID: 534272:2)

160. SECURITY: A race condition in Sendmail may allow a remote attacker to execute arbitrary code --
     A bug has been repaired in which sendmail could allow a remote attacker to execute arbitrary code as root, caused by a signal race vulnerability. (CVE-2006-0058) (ID: 533700:2)

161. SECURITY: CUPS xpdf Multiple Buffer Overflow Vulnerabilities --
     [SCOSA-2006.20] Some vulnerabilities have been repaired in CUPS, in which a denial of service attack was possible, by exploiting a vulnerable version of Xpdf. (ID: 533446:2)

162. SECURITY: Samba multiple issues --
     Deliver Samba 3.0.24 with security patches. (ID: 534269:2)

163. SECURITY: Need fix for CVE-2006-4924 OPENSSH DENIAL OF SERVICE VULNERABILITY --
     Openssh has been upgraded to version 4.6p1 (ID: 534336:2)

164. SECURITY: ESP Ghostscript 7.x --
     Fixed insecure temporary file creation vulnerability. (ID: 533156:2)

165. SECURITY:FreeBSD has issued an update for tcpdump. This fixes a vulnerability, --
     Fixed buffer overflow vulnerability for BGP packets in tcpdump. (ID: 534384:2)

166. SECURITY:OpenSSL's implementation of RSA may contain a vulnerability that could allow an attack --
     Fixed RSA security vulnerability in OpenSSL. (ID: 534381:2)

167. SECURITY: Mozilla Multiple Vulnerabilities --
     Previously, the security issues addressed/fixed by Mozilla.org with the release of Mozilla 1.7.13 on the SCO support web-page. That web released package of Mozilla 1.7.13 is included in the UW 7.1.4 MP4 support release. (ID: 533769:5)

168. SECURITY Mozilla updated to 1.7.13 --
     The Mozilla browser has been updated to version 1.7.13. (ID: 532747:1 ESC: erg712883)

169. SECURITY: libcurl URL Parsing Vulnerability --
     [CVE-2005-4077] Due to a bug in libcurl's URL parsing code, it was possible to cause an internal buffer overflow, which made it possible to corrupt some memory allocation structures. This bug has been repaired. (ID: 533390:2)

170. SECURITY: MySQL user defined function buffer overflow --
     [SCOSA-2006.18]

     Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allowed remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.

     MySQL was prone to a buffer overflow vulnerability here. There were insufficient bounds checks of user-defined function argument data.

     This issue could have been exploited by a database user with sufficient access to create a user-defined function. It may also have been possible to exploit this issue through latent SQL injection vulnerabilities in third-party applications that used the database as a backend.

     Successful exploitation would have resulted in the execution of arbitrary code in the context of the database server process.

     The newer MySQL versions do not suffer from this vulnerability. (ID: 533383:2)

171. **SECURITY perl Multiple issues --
     perl and perlmods were updated to version 5.8.8 in the UnixWare 7.1.4 Samba Supplement. (ID: 531489:2 ESC: erg712810)

172. SECURITY:integer overflow vulnerability exists within the handlers for the X font server. --
     Fixed interger overflow vulnerabilities in X which could compromise the security of the system (ID: 534522:4)

Other Fixes

173. Extra "info" link in readme.htm --
     Links in the /info readme.htm file are now relative to the CD /info directory instead of the CD root directory. (ID: 534845:1)

174. UW71x:After my kernel was compiled it complains of pcicinit pccard/_drv.o errors --
     Under certain circumstances, the current state of the pcic driver is not maintained across the update installation. This issue has been fixed. (ID: 533593:1)

175. Meaning of + and - in GMT-based timezones are reversed in ptf9052e and ptf9052f. --
     Restore compatibility of GMT-based timezones (TZ environment variable values) such as :GMT-5 or :GMT+8 on systems with ptf9052 version e or f. Also introduce POSIX-compliant timezones of the form :Etc/GMT[+-]#. For UnixWare 7.1.4 without ptf9052 version e or f, timezones of the form :GMT+# are # hours east of GMT while those of the form :GMT-# are # hours west of GMT. ptf9052e reversed the sense of +/- in these time zones in order to comply with the POSIX standard, which specifies that +# means # hours *west* of GMT and -# means # hours east of GMT. This change restores the previous meaning of :GMT[+-]#, and adds new POSIX compliant timezone specifications of the form :Etc/GMT[+-]#. Note that TZ=GMT-5 and TZ=:GMT-5 (for example) also differ in the treatment of the sign and will have a ten hour (twice five) difference. TZ=GMT-5 and TZ=:Etc/GMT-5 agree with each other. (ID: 534160:2 SLS: ptf9052g)

176. NSS support for ia_openinfo() is inadequate for Samba and nss_ldap --
     Samba's NSS module has been fixed so that it now finds all the user's supplemental group IDs. (ID: 534113:1)

177. Samba Supplement install results in account manager failure --
     Fixed the scoadmin account manager to not result in error when /bin/net is the Samba vs AFPS version. (ID: 534184:1 SLS: ptf9052h)

178. Samba's winbind module is dumping 'compat_r=*' strings into the login output --
     This problem has been resolved. (ID: 534224:1)

179. It's possible to inadvertently disables system login ability if openldap or samba is removed --
     The openldap and samba package preremove scripts now detect if PAM login module is referenced by a file that the pkgrm won't remove. If so, you are warned and offered the option to abort. We very strongly recommend that you abort the package removal if this warning is displayed. If you receive this warning then you need to update your PAM configuration or immediately (before logging out) install another version of the openldap or Samba package. (ID: 534255:1)

180. pkgrm of samba does not remove swat line from inetd.conf --
     pkgrm of samba now removes Samba swat line from the inetd.conf file. (ID: 534264:1)

181. Broken upgrade path from previously shipped 3.0.10 to 3.0.24 from the Samba supplement --
     Installing the new version of the samba package automatically copies the existing Samba configuration (if one exists) from the previous release's /usr/lib/samba/lib/smb.conf and /usr/lib/samba/private/* files. The copied files are under /etc/samba. For your convenience, symlinks for the binaries and the smb.conf file are left in the old /usr/lib/samba locations. However, if your prior configuration specified any alternate or additional configuration files (e.g., a usermap file), they need to be copied separately. Also note: If the new Samba version is removed then your current configuration will not be restored to the previous /usr/lib/samba/lib location. When downgrading, administrators are advised to backup all configuration files before removing the new samba package. (ID: 534368:1)

182. Enable cups support in Samba. --
     Samba is now configured to enable cups support. (ID: 534438:1)

183. SWAT dies when defining shares --
     This problem has been resolved. (ID: 534518:1)

184. smbldap-tools internal documentation flawed --
     Changed the following lines in the usage clause. From: -N surname -S family name To: -N familiar name -S surname To avoid confusion, and display the correct usage. (ID: 534576:1)

185. new ssh connections trigger synchutmp activity --
     A bug was repaired in ssh which it caused the "classic" utmp/wtmp login-record files to get out of synch with the "modern" utmpx/wtmpx login-record files. The bug mostly just caused warning notices to be posted to the operating system message log, /var/adm/log/osmlog, every time a user logged in via ssh. (ID: 533686:1)

186. Cannot log in using ssh --
     The pam_lastlog module now creates /var/adm/lastlog file if it does not exist. (ID: 533724:2 SLS: ptf9052b)

187. First attempt to log in using ssh is denied --
     Fix a bug in the pam_lastlog module's open session function which sometimes caused a failure the first time a user logged in to a system using ssh. (ID: 533724:3)

188. mktemp utility --
     The mktemp utility is part of the UnixWare 7.1.4 Maintenance Pack 4. (ID: 533616:1 SLS: ptf9052)

189. Packaging issues with the recently released MySQL 5.0.19 --
     Prototype file cannot include relative symbolic links. Modified prototype file. (ID: 533822:1)

190. OpenLDAP binaries moved, and symlinks added --
     The slapd and slurpd binaries have been moved from /usr/libexec/ to /usr/sbin/, and symlinks, pointing to the appropriate new locations, have been left in the place of the old binaries. (ID: 534227:1)

191. OpenLDAP upgrade does not work. --
     A warning screen has been added to install.sh that any existing OpenLDAP database data needs to be backed up before the upgrade and then restored following the upgrade in order for the data to remain accessible. (ID: 534369:3)

192. mysql "repair table operation fails with EFBIG --
     For compatibility with other systems, LFS-ized variants on the mkstemp() routine are now provided by the C library. mkstemp() and mkstemp64() open the temp file with large file permission whereas mkstemp32() does not. (ID: 534671:1)

193. problems with web posted modjk-1.2.25-02.pkg package --
     The modjk version 1.2.25-02 postinstall and postremove scripts had minor bugs. The postinstall bug falsely reported an installation failure; the postremove bug prevented package removal. These bugs have been fixed with the modjk version (1.2.25-03) included in MP4. (ID: 534726:1)

194. htdoc index rebuild fails --
     The docview indexing operation has been changed to support the creation of larger than 2 Gigabyte sized database files. (ID: 534695:2)

195. Tomcat with Axis fails to shut down completely. Tomcat shutdown.sh script modified to ensure shutdow --
     The Tomcat shutdown.sh script has been modified to perform a "kill -9" on the process(es) should normal shutdown fail. (ID: 533909:2)

196. Update the SCOx perlmods for supporting Samba --
     The perlmods file was updated from version 5.8.3 to version 5.8.8 in the UnixWare 7.1.4 MP3 Samba Supplement (and in UnixWare 7.1.4 MP4). (ID: 533999:1)

197. mysql "stop" script doesn't work --
     Cannot reproduce in MySQL 5.0.19. The report was lodged against MySQL 3.x and apparently has been fixed since then. (ID: 530138:1)

198. Multiple problems and Feature request for Perl build from Samba --
     The perl library file Config_heavy.pl contained references to cross environment commands, not available on a native machine. This could cause problem with perl related builds. The file has been changed to reference the native commands, so this problem should no longer be seen. (ID: 534717:1)

199. Provide Apache Axis 1.2 support in the Tomcat and javasoap packages --
     The tomcat and javasoap packages now provide Apache Axis 1.2 support. (ID: 533907:1)

200. Provide pgsql 8.2.6 on UnixWare 7.1.4 MP4 CD --
     This problem has been resolved. (ID: 534727:1)

201. NSS ldap module fails to cause buffer grow retries --
     When using the NSS ldap module (see /etc/nsswitch.conf) if long enough "passwd" or "group" entries were reached in the ldap server, this module would fail to tell its caller that it needed more space. The general result would be that entry and subsequent ones would be missed. (ID: 534271:1)

202. nss_ldap opensrc code fails to set pw_age struct passwd member --
     The NSS LDAP module has been fixed so that it no longer can leave the pw_age and/or pw_comment members of struct passwd unset. (ID: 534343:1)

§9.5: Problems Fixed in Update 714+ :

Commands and Utilities

Development System

Drivers

Kernel

Installation

Networking

Operating System

SCOAdmin

Security

Other Fixes

Commands and Utilities

1. Feature request to bundle patchck with UnixWare and OpenServer maintenance --
   patchck is on the update CD and selected for installation by default in install.sh (ID: 535813:1)

2. Jobs in print queue deleted after a reboot --
   Print jobs submitted remotely were sometimes deleted from the print queue following reboot of the system hosting the printer. The problem has been fixed. (ID: 534759:2)

3. VMware VM "guest shutdown" option does not notify remote users --
   VMware's "guest shutdown" button or power menu option signals the vmtoolsd to initiate an immediate shutdown, i.e. "shutdown -i0 -g0 -y". That immediate system shutdown without any notification to remote users could appear to those users as a hung, non-responsive system.

   The /etc/shutdown command will now warn users when an immediate shutdown, grace period 0, has been initiated. (ID: 536001:1)

4. Typo and erroneous group count in grpck error message --
   Fixed a typo previously in the error message "Maximum groups exceeded for login name" displayed by the command grpck. Also fixed a bug that sometimes caused the group count to be too high by one, which in turn could cause this error message to be displayed spuriously and/or with an incorrect group count. (ID: 535947:1)

5. Failed update of crontab leaves temp file in /var/spool/cron/crontabs --
   The crontab command sometimes left a temporary file in /var/spool/cron/crontabs following a failed attempt to update a user's crontab file. This problem has been corrected. (ID: 535950:1)

6. File command supports additional data types and operators --
   Enhanced the file utility and the /etc/magic definitions file with more expressive operators and directives, in order to better identify more types of files. (ID: 528263:1)

7. File command sometimes produces different results --
   The file command sometimes identified the type of a file differently depending on whether the file was given to file as a single argument or as one of several arguments. The problem was caused by the file command sometimes looking past the end of data actually read from a file. This potential variation in results has been fixed. (ID: 528299:1)

8. Command "ln -s nonexistent newfile" fails --
   Fixed a problem introduced in UnixWare 7.1.4 Maintenance Pack 4 that caused the command

   ln -s nonexistent newfile

   to fail with

   UX:ln: ERROR: Cannot access nonexistent: No such file or directory

   when the source (nonexistent in this case) doesn't exist. The command should succeed regardless of whether the source path exists. (ID: 534960:1 SLS: ptf9055a)

9. Command "ln -s nonexistent dst-dir" fails --
   An earlier fix to the ln command, to create a symbolic link when the source file does not exist, failed to address the case of the target being a directory. That case has now been fixed as well. (ID: 535721:1 SLS: ptf9055e)

10. E-mail failures when reporting locked accounts --
    E-mail errors could occur when the system sends e-mail notification that an account has been locked following repeated failed login attempts. The errors occurred because system commands dropped the last two characters in the value of the MAILONLOGFAIL parameter defined in /etc/default/login, and as a result attempted to send e-mail to a non-existent account. The problem has been fixed. (ID: 535190:1)

11. Command "passwd -s" displays information to nonroot users about other OpenLDAP user accounts --
    Updated the passwd command to prevent nonroot users from getting passwd attributes of other users via the -s option. (ID: 535302:1)

12. COMPATIBILITY: tr now requires "-" to be escaped --
    Previous behavior of the tr command has been restored, allowing an argument of - by itself without requiring it to be escaped. (ID: 205740:1)

13. Enhanced sysinfo for UnixWare 7.1.4 --
    The command sysinfo was updated to provide these additional features:
    • added -z compress option
    • added usbprobe commands
    • added patchck and hipcheck commands
    • made dump capturing largefile aware
    • reformatted man page
    • added -help option to show man page
    • added -version option to show the version number
    (ID: 534246:3)

14. Update timezone database --
    Time zone rules have been updated to version 2013a released by IANA on 2013-02-27. (ID: 535692:3)

Development System

15. Implement extended stdio APIs --
    To further aid the porting of open source software, the following common extended stdio APIs have been added:

    void _flushlbf(void);
    size_t __fbufsiz(FILE *stream);
    size_t __fpending(FILE *stream);

    void __fpurge(FILE *stream);

    int __flbf(FILE *stream);
    int __freading(FILE *stream);
    int __fwriting(FILE *stream);

    int __freadable(FILE *stream);
int __fwritable(FILE *stream);

    (ID: 535604:1 SLS: ptf9055d libc_8.0.2f)

16. Enhance assembler to accept shift double instructions which have %cl as first of three operands --
    The x86 assembler has been enhanced to accept shift double instructions with three operands in which the first operand, specifying the length, is the %cl register. Previously, the assembler would accept a three operand form only if the first operand was an integer constant. Specifying length through %cl was handled as a two operand instruction with an implicit %cl for length, which was the form generated by the C and C++ compilers. (ID: 535152:2)

17. C/C++ code generated for the test (a+b) < 0 - checking for arithmetic overflow - is incorrect --
    The C and C++ compilers were incorrectly eliding the comparison of a signed integer expression with zero. While this worked in most cases, if an integer overflow or underflow occurred and the conditions being tested were one of '<', '<=', '>' or '>=' and incorrect code path may be executed. This problem has been corrected in the current released versions of the C and C++ compilers. (ID: 535960:1)

18. C Compiler enhancements- handle GNU __builtin_return_address(0) --
    The C and C++ compilers have been enhanced to handle the GNU __builtin_return_address(0) function. (ID: 535964:1)

19. C++ compiler warnings due to duplicate type definitions in /usr/include/CC/deque --
    Eliminated duplicate type definitions for pointer and const_pointer in the C++ header file /usr/include/CC/dequeue. (ID: 535708:1 SLS: ptf9055d)

20. C++ internal compiler error when using covariant return types --
    Compiling a C++ program that included a virtual function with a covariant return type and a fixed argument list resulted in a C++ internal compiler error "cgtr_expr():unexpected ep->kind." The problem has been fixed. (ID: 223362:1)

21. Sign propagation missing when converting a "signed short" expression to "long long" --
    A potential missing sign or leading zero propagation when converting a 16-bit intermediate expression to a 64-bit value has been corrected in both the C and C++ compilers. (ID: 535948:1)

22. Compiler warning "macro redefined: offsetof" --
    The macro offsetof is defined in both /usr/include/stddef.h and /usr/include/sys/sysmacros.h. Previously these two definitions, though functionally equivalent, were not identical, and, as a result, programs that included both headers would generate a compiler warning. To eliminate the warning, the macro definitions in the two files are now an exact match. (ID: 535716:1 SLS: ptf9055d)

23. Previous incomplete libc.so.1 fix causes vi -x to dump core --
    A previous libc.so.1 fix for a potential deadlock in applications calling putenv or setenv failed to consider applications, such as vi, that implement their own memory allocation functions such as malloc, free, and others. The fix now handles all such situations. (ID: 535673:1)

24. Previous fix to runtime linker may cause failures of some older programs --
    A previous fix to the runtime linker caused the finalization routines of an executable to be executed twice. This caused some older programs, such as gzip version 1.2.4 from Skunkware, to fail. The runtime linker has been updated to prevent finalization routines from executing twice so that older programs will continue to run correctly. (ID: 535712:1)

25. libdis - handle Intel IA32 mfence and lfence instructions --
    The assembler (as), disassembler (dis) and debugger (debug) have been updated for the mfence and lfence IA32 instructions. (ID: 535964:3)

26. yacc -default action of $$=$1 for zero-length rules accesses garbage --
    Fixed a long-standing bug in the parser code generated by yacc that sometimes caused the default value for a rule being reduced to be taken from a location outside of the valid portion of the yacc value stack. (ID: 534994:1)

27. Changes to cpuid instr uses the value in %ecx when %eax is 4 --
    The assembly peep-hole optimizer (optim) has been updated to recognize that register ECX may be an implicit source operand on some CPUID instructions. (ID: 535956:1)

28. Update /usr/include/nl_types.h --
    Updated the header file /usr/include/nl_types.h to be consistent with an earlier fix that allowed the C library to understand message catalog files produced by OpenServer 5's mkcatdefs command as well as UnixWare 7's gencat. (ID: 535700:2 SLS: ptf9055d)

29. Power function pow(1.0, NaN) and pow(1.0,INF) return incorrect values --
    As per the relevant IEEE and Open Group Specifications, the functions pow, powf, and powl now always return 1.0 when the first argument is 1.0, even when the second argument is Nan or ±Inf. (ID: 535719:2)

30. RTLD can scribble on replacement RTLD's presumed-to-be-zeroed space --
    A bug in which an OSR5-ABI dynamic binary could core dump in the /OpenServer/usr/lib/libc.so.1 RTLD startup code was repaired. (ID: 534936:2)

31. C compiler optimizer incorrectly reverses instruction order --
    When optimizing with compilation options -K pentium_pro -KPIC, a bug in instruction scheduling may result in the incorrect re-ordering of two dependent instructions that modify a function argument before its first use. This could happen if the optimizer ultimately placed both instructions ahead of the popl %ebx instruction used to establish the global offset table pointer. This bug has been resolved. (ID: 535654:1 SLS: ptf9055d)

32. C compiler optimization bug seen in nested loops --
    Incorrect code may be generated when optimizing nested loops where:
    • there are multiple exits from an inner loop, such as end of loop, continue and break; and
    • indexed operands (addresses) are promoted to register(s), temporarily freeing register(s) if needed.
    The problem has been fixed. (ID: 535658:1 SLS: ptf9055d)

33. Sleep calls sometimes hang for 40.96 seconds --
    Fixed a race condition between timer scheduling and clock interrupt handling that was responsible for these sporadic hangs. (ID: 534914:3)

Drivers

34. Optical Jukebox with adaptec controller 39320A panics the kernel --
    Fixed a kernel panic caused by a NULL pointer dereference error in the adpu320 HBA driver. (ID: 534840:2)

35. Kernel panic in clock interrupt code --
    Fixed a kernel panic caused by a NULL pointer dereference error in clock interrupt handling code. (ID: 535800:2)

36. FEATURE REQUEST: PCI Parallel Port Support --
    The parallel port (lp) driver has been enhanced to support PCI parallel devices. With this fix, UnixWare 7.1.4 will automatically configure devices for all PCI parallel ports installed, including on-board ports and PCI add-on cards. These devices are configured using device names of the form /dev/lp[0..n].

    After installing the patch, you can use the graphical dcu interface or the command-line resmgr utility to list the enabled parallel ports. For example, enter /sbin/dcu and check the Hardware Device Configuration, and you should see something along these lines:

           Device Name   IRQ IOStart IOEnd MemStart MemEnd DMA
         = ===========   === ======= ===== ======== ====== ===
         Y Parallel Port 7   3bc     3bf   -        -      -
    

    Alternatively, you could use the resmgr command:

    # resmgr | grep mfpd
3 mfpd 1 5 1 7 3bc 3bf - - - - 1 - - - 1 -

    If an existing parallel port is not listed by the dcu and resmgr utilities, reboot and enter the system BIOS to ensure that the port is enabled, and to determine the hardware resource settings (IRQ and I/O addresses) for the undetected port. Then, you need to change the BIOS settings or the dcu/resmgr settings (or both), so that they match.

    You can add a parallel port manually within dcu by selecting Software Device Drivers -> Miscellaneous -> mfpd, selecting F5, and entering the appropriate values for the device. Similarly, you can edit the values for an existing driver by selecting the appropriate line in the dcu display and editing the values.

    Another option would be to use the resmgr command, as in these examples:

    # resmgr -a \
> -p "MODNAME UNIT IPL ITYPE IRQ IOADDR BRDBUSTYPE ENTRYTYPE" \
> -v "mfpd 1 5 1 7 3bc 3bf 1 1"

    # resmgr -a \
> -p "MODNAME UNIT IPL ITYPE IRQ IOADDR BRDBUSTYPE ENTRYTYPE" \
> -v "mfpd 1 5 1 7 378 37f 1 1"

    Then run the following commands to rebuild the operating system and reboot:

    # /etc/conf/bin/idconfupdate -f
# /etc/conf/bin/idbuild -B
# init 6

    (ID: 528150:1)

37. CUPS fails on USB printers --
    Incorrect attributes on special files with names of the form /dev/usblp-* and /dev/usb_prnt* caused cups to fail on USB printers. To fix this problem, attributes for these special files have been corrected and are now owner root, group lp, and mode 0666. The udisetup program has also been updated accordingly. (ID: 534563:4)

38. USB descriptor load failed during enumeration --
    The kernel code that handles all USB device connections has been changed to be more tolerant of anomalous behavior of some hardware. In part, this includes the insertion of a few seconds delay at the start of the USB connection logic. (ID: 534670:2)

39. Kernel panics on some platforms when accessing network or plugging in USB diskette --
    Some systems that used the e1008g NIC driver experienced panics when using the network. USB-related panics were also seen if the USB subsystem shared the interrupt line with the NIC. The problem was resolved by adding appropriate locks to the e1008g interrupt routine. (ID: 535659:2)

Kernel

40. Kernel panics while using Microlite's RecoverEDGE media --
    The panic was caused by a memory corruption in the dynamically loadable module subsystem. The problem has been fixed. (ID: 534990:2)

41. System call gettimeofday reports incorrect time --
    The problem was caused by errors in the clock recalibration code, which has been fixed. (ID: 534251:3)

42. In OSR5 ABI programs, getsid fails with errno ENOSYS ("Function not implemented") --
    The getsid system call was previously unimplemented for OSR5 ABI programs running on UnixWare. The problem has been fixed. (ID: 535199:3)

43. Need 256bit AES encryption in marry --
    Enhanced the marry command and driver to support a configurable 128, 192 or 256 bit AES key length. (ID: 534878:3)

44. Unable to marry encrypted file systems created on UnixWare 7.1.3. --
    The marry command failed when applied to an encrypted file system created on UnixWare 7.1.3. The problem has been fixed. (ID: 535874:2)

45. Function getpgid fails for OpenServer 5 ABI programs --
    The function getpgid failed when called from an OpenServer 5 program running on UnixWare 7. The problem has been fixed. (ID: 534284:2)

46. Unable to access slave-only CD-ROM --
    An issue has been resolved where in certain slave-only IDE configurations, the IDE driver failed to enumerate a legal configuration of devices. This could cause a device such as the installation CD-ROM to not be detected. (ID: 534565:5)

47. Shutting down to init state 0 doesn't power down the system --
    Previously, shutting down the operating system to init state 0, either via shutdown or init, left the OS in a state where it could be powered off, but did not actually power it off. Now, shutting down to init state 0 causes the OS to power down completely on most platforms. (ID: 535596:7)

48. Two minute pause during reboot on some platforms --
    Some systems have been seen to pause during reboot for about two minutes following display of the message "Automatic Boot Procedure." The problem was tracked to code in the reset sequence that writes to the legacy i8042 keyboard controller. The reset sequence has been modified to attempt writing to the legacy controller only if the system has determined that one is present. (ID: 535869:2 SLS: ptf9055g)

49. New boot parameter PS2_KEYBOARD for specifying PS/2 keyboard detection --
    A new boot parameter, PS2_KEYBOARD, allows specification of the presence or absence of a legacy PS/2 keyboard controller. The value of PS2_KEYBOARD may be:

    • YES, to specify there is a PS/2 keyboard controller present

    • NO, to specify there is no PS/2 keyboard controller

    • AUTO, to specify that the OS should detect presence or absence of a PS/2 keyboard controller at runtime

    The PS2_KEYBOARD boot parameter, if present, takes precedence over the kernel tunable i8042_detection defined in /etc/conf/pack.d/ws/space.c. If PS2_KEYBOARD is not specified, then the value of i8042_detection determines the treatment of the PS/2 keyboard. The default value of i8042_detection is 1, which has the same behavior as PS2_KEYBOARD=AUTO (ID: 535870:2 SLS: ptf9055g)

50. New boot parameter CONSOLE_VIDEO for specifying video adapter type --
    A new boot parameter, CONSOLE_VIDEO, allows specification of the video adapter type in cases where the OS does not correctly identify the video adapter type on its own. Allowed values of CONSOLE_VIDEO are VGA, EGA, CGA, CGA40, and MONO. Values may be specified in either all upper or all lower case. If CONSOLE_VIDEO is not set, or if it is set to a value other than the ones listed here, then the system will attempt to identify the video adapter automatically. (ID: 535871:2 SLS: ptf9055g)

51. Video adapter type is not correctly detected on some platforms --
    Auto-detection of the console video adapter type has been improved so that it correctly identifies the adapter type on some new platforms on which the previous auto-detection algorithm returned the incorrect adapter type. (ID: 535871:6)

52. Increase the default value of ARG_MAX --
    Increased the default value of kernel tunable ARG_MAX from 32768 to 262144. ARG_MAX specifies the maximum number of characters allowed in the arguments and environment strings when starting a new process. (ID: 535101:2)

Installation

53. Build kernel even when a tuning parameter exceeds its limit --
    The command /etc/conf/bin/idbuild will now display a warning and build the kernel if a tuning parameter is set to a value that is outside of the parameter limits specified in /etc/conf/mtune.d. Previously, /etc/conf/bin/idbuild would print an error message and fail in such a case. (ID: 535304:1)

54. Interpret symbolic link source path as relative to target path in packaging tools --
    The packaging tools have changed their handling of prototype and pkgmap entries for symbolic links of the form

    s <class> path1=path2

    in which path2

    • is a relative path, i.e., does not start with /; and

    • does not start with ./ or ../

    Previously, the packaging tools would interpret such an entry as if there were an implicit / prepended to path2. They no longer do this, and instead treat path2 as relative to path1. (ID: 535943:1)

55. pkgadd tries to install package sets twice and returns exit code 99 (still happens with uw714mp4) --
    If "all" is specified on the pkgadd command line and if there is any Set Installation Package present, then pkgadd will process only the SIPs, along with the contents of the Set as selected by the Set request script. If the pkgadd command line specifies both a SIP and a non-SIP package, then pkgadd will fail with "Sets and Packages must be installed separately." (ID: 528032:1)

56. pkgadd trips up installing over files in / (root) --
    pkgadd now correctly overwrites an existing file of the same name in /. (ID: 534802:1)

57. Allow package names to be up to 32 characters long --
    Enhance pkgmk, pkgadd, and other packaging commands to support package names up to 32 characters long. The previous limit was 9 characters. (ID: 534806:1)

58. USB keyboard freezes during system shutdown --
    When shutting the system down, the following message was displayed: "System has halted and may be powered off (Press any key to reboot)." However, the USB subsystem has been halted at this point and, as a result, on a system with a USB keyboard, the user can't press a key to reboot. The halt message has been modified to indicate that USB keyboards are no longer active after the system has been halted. (ID: 531915:2)

59. Permissions on /var and /var/spool should be 0755 --
    Fixed on the system and corrected in the contents file. (ID: 536032:1)

Networking

60. "dlpid : RemoveInterface : Unable to find DLPI Interface (net0) in internal table" --
    This error message was seen when deconfiguring a network interface using netcfg or scoadmin network. The problem has been fixed. (ID: 535966:1)

61. Ksh "test" built-in: bug when wildcard expansion results in exactly two file arguments --
    The built-in test command of the UW 7.1.x ksh (Version M-12/28/93e-SCO) would fail if and only if exactly two file names are provided as arguments. While the test -f only tests and reports results for the first file and it does report success with three or more arguments, it should provide a valid result when two arguments are provided. This issue was resolved with the release of ksh (Version JM 93u 2011-02-08). (ID: 535089:1)

62. Command rndc-keygen fails with "/usr/sbin/rndc-keyadm: syntax error at line 945: `(' unexpected" --
    Problem was caused by a previously uncaught syntax error in /usr/sbin/rndc-keyadm that became evident with the release of ksh93u. The syntax error has been fixed. (ID: 535852:1 SLS: ptf9055g)

63. Add IGMPv3 support --
    IGMP Version 3 support has been added to allow source-specific multicasting. (ID: 533801:3)

64. Kernel panics in canputnext, called from udp_ctlinput --
    The panic was caused by a race condition between a packet arriving on a connection and the connection being torn down. The race has been resolved. (ID: 535347:3)

65. Kernel panics after creating and deleting ifconfig aliases when routed is running --
    Race conditions that caused the panic have been resolved. (ID: 535875:2)

66. IGMP stats are not being updated properly --
    The problem has been fixed. (ID: 535877:2 SLS: ptf9055g)

67. Make sure all calls to random pass an appropriate argument --
    Corrected some erroneous calls to the kernel's random number generator. (ID: 535311:1)

68. Macros CMSG_ALIGN, CMSG_SPACE, and CMSG_LEN missing from <sys/socket.h> --
    Add definitions of macros CMSG_ALIGN, CMSG_SPACE, and CMSG_LEN to /usr/include/sys/socket.h. (ID: 535834:2)

69. Telnet daemon hangs when >10000 characters are pasted into telnet client --
    Increase the master pseudo-tty queue high watermark to reduce the possibility of a deadlock when a large block of data is sent by a telnet client. (ID: 533023:2)

70. Kernel panics after OSR5 ABI program invokes ioctl on /dev/route --
    An error in the OpenServer 5 compatibility support resulted in a kernel panic after an OpenServer 5 program running on UnixWare invoked an ioctl on /dev/route. The problem has been fixed. (ID: 534310:4)

71. Syslog fills up with repeated error messages from routed that a remote interface has timed out. --
    The error message is now printed only on initial detection of the interface timeout. (ID: 535933:3)

72. Unable to create a multicast route that uses a 4 bit subnet --
    The problem has been fixed by updating the route command to set the mask correctly for multicast addresses. (ID: 534646:3)

73. Permit tuning of Nagle algorithm --
    The Nagle algorithm in TCP/IP combines numerous small packet requests into a single larger network transmission. Applications with time-sensitive transmissions should use TCP_NODELAY to avoid transmission delays associated with the Nagle algorithm. However, some applications might not use TCP_NODELAY and could suffer some performance loss as a result. This has been seen, for example, with some OpenServer 5 programs running on UnixWare 7.

    Two changes have been made to mitigate performance issues with applications that do not use TCP_NODELAY. First, the Nagle algorithm is disabled on sockets created by OSR5 programs running on UnixWare. Second, a new tunable, tcp_nonagle, has been introduced. It allows the Nagle algorithm to be disabled on all newly created sockets. By default, tcp_nonagle is 0, meaning that the Nagle algorithm is enabled. To change the value of tcp_nonagle, use inconfig:

    # inconfig tcp_nonagle 1 # to disable Nagle algorithm
# inconfig tcp_nonagle 0 # to re-enable Nagle algorithem

    (ID: 534772:3)

74. Panic in bnx2 NIC driver --
    Fixed a problem in the NIC driver infrastructure that caused panics in the bnx2 NIC driver. (ID: 535147:3)

75. Add a tunable to control display of certain arp warning messages --
    A new tunable arp_duplicate_warning allows administrators to control whether the kernel prints a warning message when an existing arp entry is replaced by a new entry that maps the same IP address to a different MAC address. Such warnings are enabled by default. To turn them off, issue the command

    inconfig arp_duplicate_warning 0
    

    To turn them back on:

    inconfig arp_duplicate_warning 1
    

    (ID: 535881:2)

76. Incorrect information sometimes displayed by netstat -I --
    When given the -I option, the netstat command displayed information retrieved from the kernel without first checking whether the retrieval operation returned an error. As a result, the information printed was sometimes wrong. The problem has been fixed. (ID: 535482:2)

Operating System

77. /u95/bin/ksh coredumps under certain circumstances --
    Two long standing ksh93 bugs in "here" document processing that have plagued open-source configure scripts and that had become more pronounced with UW7.1.4 MP4 have been resolved. Other reported and non-reported memory leaks and memory faults have been addressed.

    The ksh93 binaries on the system have been upgraded from ksh93e to ksh93u from AT&T Research. Please reference the new ksh man page, installed with this fix, for new features. (ID: 535188:1 SLS: ptf9055e)

78. Ownership/permissions bugs in /u95/bin/suscfg --
    Corrected owner, group, and permissions for /etc/profile in /u95/bin/suscfg. (ID: 535747:1)

79. Setting IDLEWEEKS in /etc/default/login may cause login to fail --
    Login failed, improperly, with the error "Your password has been expired for too long" when the user provided a valid username and password combination, if the user's account had been set to force a password change on next login and IDLEWEEKS were set in /etc/default/login. The problem has been fixed. Now, under these circumstances, login succeeds and is followed by a dialog that forces the user to change the password. (ID: 535632:2)

80. Repairs and upgrades to permit central LDAP authorization --
    Delivered a number of fixes and enhancements to improve the usability of LDAP-based authentication. Changes included enhancing the passwd utility to support the -s option for nonlocal users; repairing the ia_openinfo routine so that it provides shadow password information for privileged users; adding new lines to some login messages that previously lacked them; enhancing internationalization and localization for openssh and pam_ldap; and enabling pam_ldap to handle the password aging feature of a minimum number of days between changes. (ID: 535251:2)

81. Superfluous blank lines in error messages displayed by login, rlogin, and telnet --
    Eliminated superfluous blank lines sometimes displayed by programs, such as login and telnet, that have been configured to use the PAM module pam_unix. (ID: 535641:1)

82. Add PAM module pam_tally2 --
    Added the PAM module pam_tally2 and the associated pam_tally2 command. The command is installed in /usr/lib/security along with the module and a text file describing the command. (ID: 535793:1)

83. System call statvfs doesn't return file system pack name --
    The problem has been fixed. (ID: 535072:3 SLS: ptf9055g)

84. "WARNING: atapi_protocol: ata_drvselect failed" --
    This spurious warning message, seen on some platforms, has been deleted. (ID: 535855:3)

85. Unexpected ATAPI CD errors seen on some platforms. --
    The problem has been fixed by retrying CD operations that return a status of "unit becoming ready." Previously, such operations failed without a retry. (ID: 535899:3)

86. "WARNING: Integral console keyboard not found" --
    The system would display this message if no i8042 keyboard controller was found on the system, regardless of the system tuning. The message and the circumstances under which it is displayed have been modified as follows:

    1. If the kernel is tuned to always ignore the i8042 keyboard controller (e.g., PS2_KEYBOARD=NO), then no message about the controller's absence will be displayed.

    2. If the kernel is tuned to assume the presence of an i8042 keyboard controller (PS2_KEYBOARD=YES), and no i8042 controller is found, then a warning will be displayed.

    3. If the kernel is tuned to auto-detect the presence of the controller, then a notice will be displayed if no controller is found.

    (ID: 535713:1 SLS: ptf9055g)

87. System panics when unplugging USB Modem --
    Fixed a panic-causing race condition between a concurrent close and hot-unplug of a USB device. (ID: 534838:3)

88. Some USB floppy commands not permitted --
    The USB mass storage driver, usb_msto, previously did not recognize certain USB Floppy Interface (UFI) commands, and therefore did not permit them. This problem prevented the formatting of USB diskettes and has now been fixed. (ID: 535120:2)

89. USB 2.0 devices not recognized on systems with memory above 4 Gbytes --
    A problem was fixed which caused USB 2.0 devices not to be recognized on some systems with memory at physical addresses above 4 Gbytes. (ID: 535628:3)

SCOAdmin

90. DNS manager error when processing AAAA records in /etc/named.d/db.cache --
    The scoadmin DNS manager no longer writes IPv6 AAAA records to /etc/inet/named.d/db.cache. (ID: 535063:2)

91. Packet filter manager startup error "Unable to get filter data for IP,ppp" --
    Fixed scoadmin packet filter manager startup after configuring a filter. (ID: 533635:1)

92. DNS manager overwrites existing configuration --
    The scoadmin DNS manager no longer rewrites /etc/inet/named.d/db.cache when configuring a caching nameserver. (ID: 534842:2)

Security

93. SECURITY:BIND is vulnerable to CVE-2008-1447 --
    An attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could, for example, lead to the redirection of web or mail traffic to malicious sites. The problem has been fixed. (ID: 534997:2)

94. SECURITY: Kernel panics in IGMP code. --
    The OS kernel sometimes panicked when the system received an IGMP message. This problem has been fixed. (ID: 535283:2)

95. SECURITY: PAM is vulnerable to CVE-2009-0887 --
    Fixed a security vulnerability in a PAM library by treating character values as unsigned rather than signed, in order to keep from accidentally using negative values as array indices. (ID: 535292:2)

96. SECURITY: Upgrade BIND to 9.4-ESV --
    Updated BIND to version 9.4-ESV in order to address various security issues and also to fix a hang sometimes seen in dig and nslookup. (ID: 535243:3)

Other Fixes

97. Openssh 6.2p1 has been released --
    OpenSSH has been upgraded to version 6.2p1 and was linked against a statically built openSSL 1.0.1e for the latest libcrypto.a.

    Administrators should review their existing /etc/ssh/sshd_config settings with the recommended/default settings in /etc/ssh/6.2p1/sshd_config. In particular, it is strongly suggested that both sshd configuration options PrintMotd and PrintLastLog be set to no to eliminate duplicate messages. (ID: 536026:1)

98. UW714+ VM/VA should have the latest default openSSH config files active --
    The openSSH 6.2p1 installed on the UW 7.1.4+ VM for VMware will have the default 6.2p1 config files installed in /etc/ssh.

    For systems updated to UW 7.1.4+, system administrators should review the default openssh 6.2p1 default configuration options in /etc/ssh/6.2p1/ and update their active configuration files in /etc/ssh as desired. (ID: 536028:1)

99. Beta - OpenSSH config files on "fresh" VM should be those of the cuurent release --
    Beta testing reported that the openSSH configuration files on the UW714+ VM for VMware were based on an earlier release of openSSH.

    The default configuration files for openSSH release 6.2p1 have been installed in /etc/ssh on UW714+ VM. (ID: 536036:1)

100. sasl packaging errors --
     Fixed two errors in sasl packaging. First, the directory /usr/lib/sasl2 no longer has group write permissions, eliminating an error message sometimes seen in /var/adm/syslog. Second, certain symlinks that erroneously linked to / now link to the current directory. (ID: 534947:1)

101. db package needs a version revision --
     The db package included with the UnixWare 7.1.4 MP3 Samba Supplement contained errors that caused htdoc index rebuild failures. Those errors were corrected in the db package included with UnixWare 7.1.4 Maintenance Pack 4. However, the db package in MP4 was incorrectly assigned the same version number as was used in the Samba supplement. As a result, installation of MP4 did not update the db package on systems on which the Samba supplement had been installed, with the result that the htdoc index rebuild failures persisted. A workaround was described in the MP4 Release Notes. To correct this problem, the db package has been given a new version number in 714+. (ID: 534948:1)

102. Add GNU readline version 6.x --
     Runtime and development support for readline version 6.x has been added. Runtime support for readline version 5.x, included in previous maintenance packs, is still present. (ID: 535814:4)

103. Update zlib to version 1.2.5 --
     zlib version 1.2.5 is included in uw714+ (ID: 535815:1)

104. default sshd_config duplicates /etc/motd and last login msgs during login --
     Display of the Message of the Day, controlled by login(1) processing, and the Last Login Time, controlled by PAM processing, on UnixWare 7 is duplicated by the default sshd actions in an openSSH release. With openSSH release 6.2p1, this duplication is corrected on first time installs of openSSH by the following option settings in /etc/ssh/sshd_config

       PrintMotd no
       PrintLastLog no
     

     For upgrades to an existing openSSH package, all 6.2p1 default configuration files are placed in /etc/ssh/6.2p1/. Following upgrade, the system administrator should compare these default configuration files with the system's actual openSSH configuration files in /etc/ssh/ and modify as needed. (ID: 535835:1)

105. remove javasoap, modify gsoap and scoxldemo components as a result --
     The javasoap package has been replaced by entries in version 4.1.31-02 of the tomcat package included in 714+ on the Update CD. Libraries previously installed in /usr/java are no longer installed and should be removed from systems by removing the javasoap package. (ID: 534447:4)

106. Binary Handoff delivery for bash in bl1 --
     Bash version 4.2 is included in SCO UnixWare 7.1.4+. (ID: 535979:1)

107. UW714+ ISL on VMware hangs during "Configuring Network Adapters" screen --
     Fixed in nd package. (ID: 536091:1)

108. Broken libX11.so.6.1 - kinput2 (Kana Kanji conversion) fails on UW 7.1.4+ --
     Fixed in basex package. (ID: 536082:1)

109. Bug in loop descale() function - incorrectly stripping indexing from an LEAL instruction --
     Fixed in uccs package. (ID: 536082:2)

110. Bad code optimization in kernel pcic/Driver.o --
     Fixed in ptf9100. (ID: 536082:5)

111. Setting ACPI=Y at boot causes the system to act as if ACPI=N --
     Fixed in ptf9100. (ID: 536068:2)

112. Megasas driver hangs during initialization on some platforms --
     Fixed in ptf9100. (ID: 536069:2)

113. netcfg not working correctly --
     Fixed in ptf9100. (ID: 536076:1)

§11: Copyrights

The following Copyright Notice is required by the lsof command source:

   /*
    * Copyright 2002 Purdue Research Foundation, West Lafayette,
    * Indiana 47907.  All rights reserved.
    *
    * Written by Victor A. Abell
    *
    * This software is not subject to any license of the American
    * Telephone and Telegraph Company or the Regents of the
    * University of California.
    *
    * Permission is granted to anyone to use this software for
    * any purpose on any computer system, and to alter it and
    * redistribute it freely, subject to the following
    * restrictions:
    *
    * 1. Neither the authors nor Purdue University are responsible
    *    for any consequences of the use of this software.
    *
    * 2. The origin of this software must not be misrepresented,
    *    either by explicit claim or by omission.  Credit to the
    *    authors and Purdue University must appear in documentation
    *    and sources.
    *
    * 3. Altered versions must be plainly marked as such, and must
    *    not be misrepresented as being the original software.
    *
    * 4. This notice may not be removed or altered.
    */

Document Issued: April 2014
Copyright © 2014 Xinuos, Inc. All rights reserved.