Patch Name: PHCO_15807

Patch Description: s700_800 10.20 libc cumulative patch

Creation Date: 98/07/16

Post Date: 98/08/18

Repost: 00/12/29
    The patch documentation was modified to remove references to a fix that is not included in the patch. The fix for the future error generated by the ANSI C++ compiler due to two header files defining MAXINT is not included in the patch. The references to this fix were removed from the patch documentation.

Hardware Platforms - OS Releases:
    s700: 10.20
    s800: 10.20

Products: N/A

Filesets:
    OS-Core.C-MIN
    OS-Core.CORE-SHLIBS
    ProgSupport.PROG-MIN
    ProgSupport.PROG-AUX

Automatic Reboot?: No

Status: General Superseded

Critical:
    No (superseded patches were critical)
    PHCO_13189: CORRUPTION
    PHCO_8108: CORRUPTION

Path Name: /hp-ux_patches/s700_800/10.X/PHCO_15807

Symptoms:

    PHCO_15807:

    ypcat -k command core dumps when rpc is not running properly
    INDaa30924; SR 5003423871

    Unable to get a stack trace if failing in memmove or strcat
    JAGaa05200

    Strncpy(), when used with large number of copy counts, is not as fast as expected on PA2.0 systems compared to other memory/string assembly routines.
    JAGaa10942

    getenv runs very slow for multi-byte languages
    JAGaa05075; SR 1653259333

    /usr/include/regexp.h does not compile with aCC (ANSI C++).
    JAGaa08066; SR 1653261131

    The CONCAT macro in inttypes.h does not work correctly for C++ applications.
    JAGaa00515; SR 5003348011

    C++ applications that attempt to use __toupper() and/or __tolower() fail to compile because the function prototypes for them are not available.
    JAGaa05224, JAGaa06023; SR 4701389932 4701390138

    getcwd(3C) fails with ENOENT if the root file system is a loopback file system (LOFS) after a chroot.
    JAGaa11165, JAGaa01441, JAGaa05219, JAGaa06021; SR 4701394395 4701382374 4701389916 4701390120

    The getdate() function does not parse the template file correctly when the %r field descriptor is used in at least one of the templates.
    This leads to the situation that a non-zero value for getdate_err is returned even when the template file contains a matching template. In addition, getdate() does not correctly handle the case where %I is used in a template but %p is not.
    JAGaa00429, JAGaa10165, JAGaa10166, JAGaa10167, JAGaa10168, JAGaa05222, JAGaa10164, JAGaa10163, JAGaa08067, JAGaa10158, JAGaa12392; SR 4701392977 4701392969 1653261081 4701392928 4701394650

    C++ applications that call setspwent(), endspwent(), putpwent(), setspwent_r() and/or endspwent_r() do not compile because the function prototypes for those functions are not available. In addition, alsgtty in alarm.h is defined to be of a non-existent type.
    JAGaa00526; SR 1653219691

    UINT_MAX and ULONG_MAX divided by a signed integer yields 0 in K&R mode.
    JAGaa01184

    getxxbyyy commands leave reserved UDP ports created by NIS opened.
    INDaa30842; SR 5003422337

    PHCO_15465:

    bsearch() performance is bad.
    JAGaa01793

    strncmp() could be faster for short strings.
    JAGaa08219

    strncpy() is not as fast as expected as a performance critical routine.
    JAGaa08100

    A program that has installed a SIGPIPE handler using sigaction() and calls syslog(), aborts after the second SIGPIPE.
    JAGaa08180

    PHCO_15153:

    Commands dump core if LC_COLLATE=nonC and LC_CTYPE=C.
    JAGaa01685

    scandir(3C) causes core dump.
    JAGaa01938; SR 5003411355

    When PHCO_14891 or PHCO_14868 is installed Purify reports errors and problems with strchr().
    JAGaa07513

    getmntent(3X) API causes application programs to occasionally core dump with SIGSEGV Memory fault for larger sizes of /etc/mnttab.
    JAGaa04833; SR 5003415513

    PHCO_14891:

    Any application which calls the iconv() function could encounter a serious performance problem.
    JAGaa04914; SR 4701389551

    Cu over datakit, specifically, datakit CommKit 3.20.01, fails. A "cu " hangs.
    JAGaa04785; SR 4701388215

    PHCO_14868:

    Threaded applications calling gets() may hang after doing another i/o operation on stdin.
    JAGaa01903; SR 5003394833

    When Null pointer was used as argument for fputs and puts, the behavior is inconsistent between pre-10.20 and 10.20 onward releases.
    JAGaa01511

    Calling openlog() with a very long ident string causes syslog() to dump core or create unexpected/undefined results.
    JAGaa01271

    ftw(3C) causes a process to run out of file descriptors. Depending on the application, the user could see a message similar to the following:

        ftw failed: Too many open files

    JAGaa00531; SR 5003378869

    When LANG=japanese, the sed command, s/$/x/, would not add the character to the end of lines.
    JAGaa01206, JAGaa01953, JAGaa01952

    No performance gain in libc by running application on PA2.0 or PA1.1 m/c.
    JAGaa02105; SR 4701388462

    9.04 binary executable that calls 'step' regular expression API dumps core when run on 10.20 with libc patch PHCO_13399 or newer.
    DSDe442382; SR 5003413021

    A patch for the dbm libraries (libdbm.1 and libndbm.2) and libc has been created to increase performance of dbm_nextkey(). libdbm and libndbm are empty, and any dbm routines are resolved from libc.
    JAGaa01111, JAGaa1150; SR 5003392126

    PHCO_14511:

    strcoll() core dumps when LANG is set to C and LC_COLLATE is set to a different value (e.g. swedish).
    DSDe442035

    Customers using their own versions of malloc() and free() would notice free() being called twice on the same block of memory while using glob().
    JAGaa01494

    memccpy() doesn't detect the value of 0 at address 0.
    JAGaa01280

    regcomp() dumps core, instead of returning error, when dealing with some non-recognizable expression.
    JAGaa01396, JAGaa01496, JAGaa01497

    strptime(3C) does not calculate the week number correctly when the first day of the year is a Sunday (for %U and %W) or a Monday (for %W).
    JAGaa00976 SR 1653231456

    PHCO_14199:

    When the customer program containing calls to endpwent() is run in NIS environment, a memory leak is observed. After several days of running, the program is unable to continue due to an out-of-memory condition.
    JAGaa01175, SR 5003395673.

    The problem was introduced in cumulative libc patch PHCO_13029. Applications that 1) call fork() and 2) implement their own version of the malloc functions will not link with libc.a. For example, the link editor would print the following messages when an application (mymalloc.c), that implements its own version of malloc() and free(), is compiled:

        cc: Entering Link editor.
        /usr/ccs/bin/ld: Duplicate symbol "malloc" in files mymalloc.o and /usr/lib/libc.a(malloc.o)
        /usr/ccs/bin/ld: Duplicate symbol "free" in files mymalloc.o and /usr/lib/libc.a(malloc.o)
        /usr/ccs/bin/ld: Found 2 duplicate symbol(s).

    JAGaa01398.

    On some methods the first call to the API iconv_close(3C) on a conversion descriptor deallocates the codesets for all the opened conversion descriptors with the same "fromcode" and "tocode" arguments. In other words, if there are two descriptors by calling iconv_open() twice with the same "fromcode" and "tocode", upon closing the first descriptor any operation on the second descriptor will cause a core dump.
    JAGaa00931 JAGaa00932.

    PHCO_13777:

    When the length of the environment variable LANG is longer than 1024 (MAXPATHLEN), catopen(3C) caused core dump.
    DTS JAGaa01290.

    When users with an expired password try to log in on the console, they get usage message from the passwd command: "usage: passwd [-F file] [name]".
    DTS JAGaa00533, SR 5003380394.

    When more than 435 processes are registered with portmap(3c) and a request for PMAPROCDUMP is made via UDP, portmapper hangs.
    SR 1653236562, DTS INDaa29151.

    PHCO_13775:

    After a call to the malloc(3C) api which fails with an ENOMEM error, in some corner cases with certain mallopt(3c) smaller allocations subsequently return errors even when there is enough memory available for the allocation.
    DTS #: JAGaa01179

    Causes automountd to dump core when it tries to mount from an off-line server.
    DTS #: INDaa29523

    This patch is part of the 10.20 ACE 2 bundle which adds networking enhancements to 10.20.
    New networking features supported in ACE 2 include NFS Version 3.0, AutoFS and CacheFS.
    DTS #: DSDe441184, STARS #: 4701378117

    NIS map transfer fails due to transfer timeout on slave as a direct result of an inefficient method of scanning a sparse DBM database.
    DTS #: JAGaa01111 JAGaa01150, SR # : 5003392126

    PHCO_13626:

    10.20 strcoll performance is bad compared to 9.x for spanish locale and other single byte locales.
    DSDe436357, SR 1653214346.

    Calling perror(string) with the length of string plus the message larger than 1024 will cause coredump.
    DTS # JAGaa01178, JAGaa01166.

    Telnet connection requests hang but connect if tried again.
    INDaa29426, SR 1653242040.

    PHCO_13399:

    Regular expressions pattern matching fails for UTF8 locales. As a result of this, commands like grep and ls will not be able to match patterns written for UTF8 correctly.
    JAGaa01146, JAGaa01147, JAGaa01151.

    PHCO_13282:

    The fix for SR 5003392126, DTS JAGaa01111 caused the following symptom: If dbm_nextkey() is called after a datum with a NULL dptr field has been returned from either dbm_firstkey() or dbm_nextkey(), an infinite loop occurs. This fix was rolled back.
    JAGaa01185.

    PHCO_13189:

    The API getlogin() returns invalid results for user names of 8 characters in some cases.
    JAGaa01154, SR 4701374512.

    The wcswidth(3c) API depends on methods/locales to return a value 0 for an empty wide string. Sometimes a locale would return a value other than 0 for an empty wide string.
    JAGaa00448, SR 4701374470.

    PHCO_13029:

    NIS map transfer fails due to transfer timeout on slave as a direct result of an inefficient method of scanning a sparse DBM database.
    SR 5003392126, DTS JAGaa01111.

    The performance of strcoll is bad for multi-byte locales when compared to 9.x performance.
    SR 1653192724, DSDe432158.

    PHCO_12673:

    Alternate regular expressions with anchored non-first subexpression fail to match if parentheses are not used.
    DTS# JAGaa00523

    PHCO_12448:

    The memmove(3C) api is slow when moving data to the right, as in memmove(c+1,c,249).
    DTS# DSDe433981, JAGaa00518, SR# 5003355867

    The last patch PHCO_12128 breaks the correct functionality of spanish locale collation for strcoll and strxfrm. This patch fixes that problem.
    DTS# JAGaa00792.

    Signal mask is not restored after calling free when mallopt(M_BLOCK,0) has been set. Only happens on multiple calls to free for the same pointer.
    DTS# JAGaa00773, JAGaa00489, DSDe424072; SR# 1653228304 1653119560

    Non-root users of rlogin get the error message: "rlogind: /dev/pts/1: Permission denied." if configured in /etc/inetd.conf with the -l option.
    DTS# INDaa28226, SR# 4701364653

    PHCO_12128:

    NIS netgroups are searched recursively causing poor performance when netgroups are nested.
    DTS # INDaa27824, SR# 5003377606.

    The API seekdir() fails to position the next readdir() operation for certain nfs directory.
    DTS# DSDe431565

    The customer using strcoll(3c) with a single byte locale is experiencing a performance problem.
    DTS# DSDe436357, SR# 1653214346

    In a customer application, regcomp(3C) followed by regexec(3C) returns an unexpected "no match" value when the locale is set to non-C locale.
    DSDe437259, SR 1653215186.

    Output directed to stderr may be corrupted when an application opens files for non-buffered i/o by calling setbuf() with the _IONBF flag. The symptom is likely to manifest only in multi-threaded applications.
    DSDe437356.

    No reported symptoms - this is a proactive patch.
    DSDe436555.

    PHCO_11315:

    The customer using Spanish locale (or any locale with 2 to 1 mapping) along with any patch which includes patch number PHCO_10027 will see incorrect collation. Other customers will never see this problem.
    DTS # DSDe436983, SR 1653214346.

    User applications calling catopen() may run out of file descriptors.
    DTS # DSDe435212, SR 1653208355.

    PHCO_11004:

    In multi-threaded application, if one thread is waiting on a read which won't complete (e.g., stdin or a stalled pipe) and another thread calls exit() or abort, the application would hang.
    DTS # DSDe435666, SR 1653211490.

    The group permissions of the parent directory of the home directory does not have to be set for "all" for the ".rhosts" check to succeed. The "rhosts" check changes the effective group id to the real group id before opening ".rhosts" file. Also, ruserok() did not properly parse the username in hosts.equiv.
    DTS # INDaa22946 INDaa21768; SR # 5003297861, 5003274753.

    User applications calling catopen() may run out of file descriptors.
    DTS # DSDe435212, SR 1653208355.

    Memory leak in getservbyname.
    DTS# INDaa26623, SR# 5003358762.

    strcat() may core dump when the last word of the source string is at the page boundary.
    SR 5003302299, DSDe434239, DSDe427804.

    For regcomp/regexec, "^ *$" and similar patterns in non-C locales will incorrectly match lines with newlines in them. ^$ pattern and empty strings won't match when they should in non-C locales. A pattern with ^ in the C-locale and with REG_NEWLINE set will not consider newlines further down the string.
    DSDe434345, DSDe434746, DSDe434752; SR 1653204651, SR 4701349118.

    February 29, 2000 is rejected as a valid date by the getdate(3c) library call.
    DSDe434241, DSDe430766; SR #s 1653203026, 4701334763.

    The getdate(3c) would set getdate_err to "no matching template entry" (7) instead of "invalid input specification" (8) for dates outside the range of the time_t data type. This has been fixed.
    DSDe434270

    PHCO_10027:

    Unacceptable degradation of collation using swedish language.
    DSDe432108, SR1653192161.

    Regular expression pattern ".*" behaves incorrectly in Japanese locale.
    DSDe433097.

    The memcmp(3c) may core dump at page boundary.
    DSDe433356, SR4701344721.

    Applications built archived on release 10.20 will use the wrong locale libraries for the C locale if they are executed on a future HP-UX release. The result is unpredictable. Existing applications built with the archived libc in 10.20 need to be rebuilt with a libc that contains this patch if they are to be moved forward to a post-10.20 HP-UX release to ensure that they use the correct locale libraries for the C locale on the new release. Existing 10.20 applications built shared do not have to be rebuilt with the patch to be migrated to a future HP-UX release.
    DSDe432519.

    PHCO_9577:

    When customer runs command: setprivgrp -g LOCKRDONLY, the NIS system hangs.
    INDaa24394, SR5003320648.
    This fix was intended for PHCO_8979, but was inadvertently left out.

    PHCO_8979:

    The libc routine ulckpwdf always returns -1. As a result, the /etc/.pwd.lock can not be unlocked.
    DSDe431142, SR5003338038.

    Memory leak in globfree().
    DSDe431962, SR5003344192.

    If given weekday is the same as today and within the last 7 days of the month, getdate() returns an Error 8.
    DSDe431143, SR1653185629.

    In non-C locales, non-blank lines would match pattern ^$ for regcomp().
    DSDe431505 DSDe432126.

    User applications hit a limit of 1023 for number of sets in a message catalog.
    DSDe431644, SR5003341271.

    Call to tempnam(), mktemp() and mkstemp() sometimes returned a dangling symlink as the name for a temporary file.
    SR1653189134.

    The strptime and getdate calls did not handle two digit year specifications in the same manner. This has been addressed by providing strptime and getdate with an alternative behavior for dealing with two digit year specifications. In order to obtain the alternative behavior, which interprets two-digit year values in the range 66-99 to refer to the twentieth century and values in the range 00-68 to refer to the twenty-first century, the executable must link with the supplied object file, /usr/lib/year2000.o. Existing executables will continue to get the compatible behavior.
    DSDe430766, SR4701334763.

    If the ndots resolver option is configured in /etc/resolv.conf and res_init() is directly or indirectly called, a memory leak will occur. Applications using gethost*() API's or directly using resolver API's (res_*()) in a DNS environment are open to this problem.
    INDaa23823.

    The getdate() routine fails with a signal 11 segmentation violation when accessing a datemask file that contains a very large number of alternative date formats.
    DSDe429925, SR1653176883.

    PHCO_8764:

    Random truncation of strings with strcat due to fix attempted in PHCO_8108.

    PHCO_8108:

    Significant performance degradation of regular expression processing in 10.X compared to 9.X. Affects awk, grep, sed, etc.

    Some printf variants available in patched 10.X systems weren't exported in 10.20.

    getcwd returns EINVAL when a negative buflen is passed in.

    memchr may core dump when char is not found.

    Sometimes strcat would attempt to access an unmapped page of memory.

Defect Description:

    PHCO_15807:

    yp_all(), which is called by ypcat, frees its UDP client handle and creates a TCP client handle to make a request. It mistakenly uses the released UDP client handle to open message catalog for an unsuccessful TCP clnt_call() and causes core dumps.
    INDaa30924; SR 5003423871

    Unable to get a stack trace if failing in memmove or strcat
    JAGaa05200

    Unlike other memory/string assembly routines, strncpy() doesn't take advantage of PA2.0 instruction sets where available.
    JAGaa10942

    getenv runs very slow for multi-byte languages like ja_JP.SJIS. The performance for single-byte languages is as good as C locale.
    JAGaa05075; SR 1653259333

    Functions 'compile', 'step' and 'advance' in /usr/include/regexp.h had no corresponding ANSI or C++ definitions.
    JAGaa08066; SR 1653261131

    The CONCAT macro in inttypes.h returns an incorrect value in C++ applications.
    JAGaa00515

    C++ applications are not able to use __tolower() and __toupper() because the function prototypes for those functions are not available.
    JAGaa05224, JAGaa06023; SR 4701389932 4701390138

    A call to getcwd() will fail if the root file system is a loopback file system. This will not normally be the case, but if chroot() has been called to set the root directory, then this could be a loopback file system (LOFS). A specific example of this is when the anonymous ftp home directory is a LOFS as ftpd will then use chroot() and can report:

        550 getcwd: No such file or directory

    JAGaa11165, JAGaa01441, JAGaa05219, JAGaa06021; SR 4701394395 4701382374 4701389916 4701390120

    getdate() fails to find a matching template when %r is used in a template and there is at least one other template that contains %H or %R, even though a matching template exists. It also returns an error if a template contains %I but not %p and a matching template exists.
    JAGaa00429, JAGaa10165, JAGaa10166, JAGaa10167, JAGaa10168, JAGaa05222, JAGaa10164, JAGaa10163, JAGaa08067, JAGaa10158, JAGaa12392; SR 4701392977 4701392969 1653261081 4701392928 4701394650

    C++ applications fail to compile if they call one of setspwent(), endspwent(), putpwent(), setspwent_r() and endspwent_r() because the function prototypes for those functions are not available. In alarm.h, alsgtty is defined to be a "struct sgtty", which does not exist.
    JAGaa00526; SR 1653219691

    In K&R mode, dividing UINT_MAX or ULONG_MAX by a signed integer produces a result of 0 because the constants are not being cast to "unsigned int" and "unsigned long", respectively.
    JAGaa01184

    Once all the reserved UDP ports are consumed, then each process or users application that needs a reserved UDP port has to wait until one is available.
    INDaa30842; SR 5003422337

    PHCO_15465:

    bsearch() spends a lot of time in div and mul mill-code routines for benchmark. It is not acceptable for customers.
    JAGaa01793

    strncmp() can be much faster for short strings (less than or equal to 8 bytes) comparison if they are treated separately.
    JAGaa08219

    strncpy() is currently implemented in C.
    Its performance is not acceptable for customers.
    JAGaa08100

    syslog() uses signal() internally instead of sigaction() to ignore the SIGPIPE signal.
    JAGaa08180

    PHCO_15153:

    Commands dump core if LC_COLLATE is set to non C locale but LC_CTYPE is set to C locale. If there is no difference between LC_COLLATE and LC_CTYPE, there is no problem.
    JAGaa01685

    scandir(3C) causes core dump when 130 entries or more are in a directory. Occurs only with non System V file systems, mounted as a networked file system on HP-UX.
    JAGaa01938

    Installation of PHCO_14891 or PHCO_14868 causes Purify to report errors on strchr(). This was caused by a backwards branch in the assembly code.
    JAGaa07513

    The defect is that getmntent(3X) returns incomplete mntent structure when the current position in mount table files has reached the end of 8k buffer boundary. When applications try to access data using incomplete entries in the mntent structure, they core dump with Memory fault.
    JAGaa04833; SR 5003415513

    PHCO_14891:

    iconv() is unacceptably slow.
    JAGaa04914; SR 4701389551

    dial() was missing the required ioctl to notify the datakit driver to set receive mode DIOCRMODE for CommKit 3.2. It appears that this ioctl was deleted from a previous version of dial() because CommKit 4.0 no longer required it. However, this "broke" proper dial access to CommKit 3.2.
    JAGaa04785; SR 4701388215

    PHCO_14868:

    gets() can fail to release a lock after encountering an EOF condition. This will cause another thread in the application doing an i/o operation on stdin to hang, leading potentially to an application deadlock.
    JAGaa01903; SR 5003394833

    The correct behavior should be as follows: When Null pointer was being passed as argument for fputs and puts, fputs should return 0 and write nothing to the file, puts should return 1 and write '\n' to stdout. The above behavior is now in 10.20, 10.30, 11.0, and 11.al, which is consistent with the pre-10.20 behavior.
    JAGaa01511

    The previous syslog code, in some places, kept filling the buffers without checking for the buffer limits. Once the size of the buffers was exceeded a core dump would occur.
    JAGaa01271

    The ftw() call in libc can quickly use up all the open files a process is allowed because of a bug in the code. Ftw() uses an extra file descriptor every time the function that is passed in to ftw() returns a nonzero value. So, the easiest way to see this problem is to call ftw() in a loop and pass in a function that always returns 1. Depending on the number of open files allowed for the process (usually it is 60) the ftw() call will fail when the open files are exhausted.
    JAGaa00531; SR 5003378869

    A flag was set incorrectly which caused the "match end of line" not being recognized. Setting of the flag is corrected.
    JAGaa01206, JAGaa10953, JAG01952

    mem and str assembly routines, right now, do not take advantage of PA2.0 instruction set. Also, other libc routines do not take advantage of PA1.1 instruction sets.
    JAGaa02105; SR

    Binary compatibility for 9.04 regexec() routine was removed in PHCO_13399.
    DSDe442382; SR 5003413042

    A patch for the dbm libraries (libdbm.1 and libndbm.2) and libc has been created to increase performance of dbm_nextkey(). libdbm and libndbm are empty, and any dbm routines are resolved from libc.
    JAGaa01111, JAGaa1150; SR 5003392126

    PHCO_14511:

    Whenever LANG is set to C and LC_COLLATE is set to non-C locale, strcoll() incorrectly assumes that it has been initialized, when this is not the case.
    DSDe442035

    An internal function called by glob() attempts to free the same block twice.
    JAGaa01494

    memccpy() doesn't detect the value of 0 at address 0.
    JAGaa01280

    The defect was caused by copying one NULL string pointer to another without any checking.
    JAGaa01396, JAGaa01496, JAGaa01497

    strptime(3C) does not calculate the week number correctly when the first day of the year is a Sunday or a Monday.
    JAGaa00976 SR 1653231456

    PHCO_14199:

    There is a memory leak in endpwent() and setpwent() libc functions when they are run in NIS environments. The program size grows in 4k increments, for each endpwent() and setpwent() calls in NIS environment.

    The problem was introduced in cumulative libc patch PHCO_13029. It occurs for applications that 1) call fork and 2) implement their own version of the malloc functions. This problem is caused by linking with fork.o; all of the external symbols in malloc.o are imported, including the malloc functions such as malloc and free. This causes ld to find duplicate symbols, one for the application's own malloc function and one for the malloc function in malloc.o from libc.a. The patch should be installed if the symptoms occur when the application includes a call to fork(), yet the symptoms don't occur when the call to fork() is removed from the application.

    The APIs iconv_open(3C) and iconv_close(3C) didn't keep track of multiple uses of method.

    PHCO_13777:

    HP-UX enforces that variable lengths should not exceed 1024. In catopen(3C), the string that represents the variable LANG was strcpy'ed into a buffer with a fixed size MAXPATHLEN (1024). This caused coredump when strlen(LANG) is longer than 1024.

    getlogin(3) API in libc returns NULL when the tty is console. Hence the utilities like passwd print error messages when they use getlogin() API to access the login name of the user.

    When the memory buffer overflows while trying to encode too much data, the memory area gets shortened at each request, eventually going negative. The pointer is not reset on error.

    PHCO_13775:

    In some corner cases a malloc(3c) internal error flag is not cleared.

    RPC internal function does not handle client creation properly if the server is off-line.

    New functionality to support networking features in 10.20.

    NIS uses dbm to manage its data.
    Because of unlucky splitting, the '.pag' file has a large empty area which causes the NIS file transfer to fail because it takes longer than 25 seconds for dbm to get between keys.

    PHCO_13626:

    The performance of 10.20 strcoll is bad compared to 9.x for single byte locales because of a slow algorithm used for replacing 1 to 2 map characters.

    The size of the string, passed to perror, plus message was not checked and could have become larger than the size of the allocated output buffer. In such situations perror would have coredumped.

    Backlog limit for Listen() was set at 2 by default. Limit was increased to 20 via SOMAXCONN in sockets.h.

    PHCO_13399:

    Regular expression pattern matching is done through regcomp() and regexec() routines. These routines fail to match patterns correctly in the UTF8 locale environments, for example the German locale de_DE.utf8.

    PHCO_13282:

    Case of calling dbm_nextkey() after the entire database has been traversed via dbm_firstkey() and dbm_nextkey() calls was not handled properly.

    PHCO_13189:

    The utmpx file contains an 8 character user name concatenated with 2 characters of device name.

    The implementation of the wcswidth(3c) API fails to comply with specification if the locale dependent version of wcswidth does not comply.

    PHCO_13029:

    NIS uses dbm to manage its data. Because of unlucky splitting, the '.pag' file has a large empty area which causes the NIS file transfer to fail because it takes longer than 25 seconds for dbm to get between keys.

    The strcoll(3c) api for multi-byte was not optimized.

    PHCO_12673:

    awk and grep fail for certain regular expressions.

    PHCO_12448:

    The proper optimizations were not applied.

    This patch fixes the spanish locale collation problem for strcoll and strxfrm APIs caused by patch PHCO_12128.

    Signal mask was not restored for this corner case.

    The effective user and group id are set incorrectly in the call ruserok() when rlogind is invoked with an option "-l".

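An added example (not part of the HP patch text and not libc source) of the length checks whose absence the PHCO_13777 catopen(3C) entry and the PHCO_13626 perror() entry above describe: an unchecked copy of LANG into a 1024-byte buffer, and an unchecked "string plus message" write into a fixed output buffer. The function names, the `<dir>/<lang>/<name>` catalog layout and all sample values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Same size as the fixed MAXPATHLEN (1024) buffer named in the catopen(3C) entry. */
#define CAT_PATH_MAX 1024

/*
 * Pattern the patch text describes, shown for contrast only (not compiled):
 *     char buf[CAT_PATH_MAX];
 *     strcpy(buf, getenv("LANG"));   // overruns buf once LANG is 1024 bytes or more
 */

/* Copy src into dst only if it fits with its terminator. Returns 0, or -1 with
 * errno set, leaving dst empty so callers never see a partial value. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || dstsize == 0) {
        errno = EINVAL;
        return -1;
    }
    dst[0] = '\0';
    if (src == NULL) {
        errno = EINVAL;
        return -1;
    }
    len = strlen(src);
    if (len >= dstsize) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Build "<dir>/<lang>/<name>" (assumed layout) in out; reject instead of truncating,
 * because a truncated path would name a different file. */
int build_catalog_path(char *out, size_t outsize, const char *dir,
                       const char *lang, const char *name)
{
    char lang_copy[CAT_PATH_MAX];
    int n;

    if (out == NULL || outsize == 0 || dir == NULL || name == NULL) {
        errno = EINVAL;
        return -1;
    }
    out[0] = '\0';
    /* The step that was an unchecked strcpy() of LANG. */
    if (copy_bounded(lang_copy, sizeof lang_copy, lang) != 0)
        return -1;
    n = snprintf(out, outsize, "%s/%s/%s", dir, lang_copy, name);
    if (n < 0 || (size_t)n >= outsize) {
        out[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* perror()-style "<prefix>: <system message>\n" into a fixed buffer. The caller's
 * prefix is shortened first so the system message survives; *truncated reports
 * whether anything was cut. Returns 0, or -1 on bad arguments. */
int format_error_line(char *out, size_t outsize, const char *prefix,
                      int errnum, int *truncated)
{
    const char *msg = strerror(errnum);
    size_t fixed, room, plen;
    int n;

    if (out == NULL || outsize == 0 || prefix == NULL || truncated == NULL) {
        errno = EINVAL;
        return -1;
    }
    fixed = strlen(msg) + 3;                      /* ": " + message + "\n" */
    room = (fixed < outsize) ? outsize - 1 - fixed : 0;
    plen = strlen(prefix);
    *truncated = (plen > room);
    if (plen > room)
        plen = room;
    n = snprintf(out, outsize, "%.*s: %s\n", (int)plen, prefix, msg);
    if (n < 0)
        return -1;
    if ((size_t)n >= outsize)
        *truncated = 1;                           /* even the message did not fit */
    return 0;
}

int main(void)
{
    char path[CAT_PATH_MAX], line[CAT_PATH_MAX];
    char huge[2001];                              /* constructed oversized value */
    int truncated = 0;

    memset(huge, 'A', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';
    if (build_catalog_path(path, sizeof path, "/usr/lib/nls", huge, "demo.cat") != 0)
        printf("oversized LANG rejected: %s\n", strerror(errno));
    if (build_catalog_path(path, sizeof path, "/usr/lib/nls", "C", "demo.cat") == 0)
        printf("catalog path: %s\n", path);
    format_error_line(line, sizeof line, huge, ENOENT, &truncated);
    printf("error line: %lu bytes, truncated=%d\n",
           (unsigned long)strlen(line), truncated);
    return 0;
}
```

The two functions differ on purpose: a path is rejected when it does not fit, while a diagnostic line is shortened and flagged.
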
    PHCO_12128:

    If netgroups are nested this causes the NIS netgroup files to be recursively searched, causing poor performance.

    The API seekdir(3) is unable to position the next readdir(3) operation if the directory is on a 3rd party NFS server that returns a negative signed 32bit integer. Fix is made to readdir() not to call lseek(2) system call.

    This is a patch for performance problem reported for Spanish locales. The patch helps all single byte locales.

    A local data item was not being initialized properly.

    Incorrect internal buffer allocation can lead to an overlap between the stderr buffer and other internal buffers when files are opened for non-buffered i/o.

    Potential for data corruption/crashing if dbm_open is called with a filename which is too long.

    PHCO_11315:

    The trimming off of common prefix from string before collation causes problem in Spanish locale because it has 2 to 1 mapped collation element. e.g. "ch" should map after "co" but if common prefix "c" is removed, "h" will collate before "o" which is incorrect.

    An incorrect setting of NLSPATH, e.g. NLSPATH="/tmp" causes catopen() to leave open file descriptors behind. As a result, applications that frequently call catopen() with an incorrectly set NLSPATH can run out of file descriptors.

    PHCO_11004:

    Code which cleans up stdio streams did not handle read-only streams which were waiting indefinitely on a read.

    1. The "rhosts" check fails if the parent directory of the user's home directory does not have the right group permissions. Consider the case where the parent directory has permissions "710".

        /home - permissions rwx--x---
        /home/student - permissions rwx------

       The directories home and student belong to the same group. The "rhosts" check fails when a remote user tries to login as "student". This is because the ruserok() routine does not change the effective group id to the real group id before opening ".rhosts" file.

    2. Usernames in the host.equiv file are improperly parsed.

    The ruserok() code now exhibits the expected and documented behavior.

    An incorrect setting of NLSPATH, e.g. NLSPATH="/tmp" causes catopen() to leave open file descriptors behind. As a result, applications that frequently call catopen() with an incorrectly set NLSPATH can run out of file descriptors.

    NIS getservbyname() had a memory leak.

    strcat() prefetches word before doing shift and concatenation. A check for end of string should be performed before the prefetch since the prefetched word may be across the page boundary. This is now fixed.

    The non-C locale code continued to check beyond the terminating null character. In the C-locale with REG_NEWLINE set, the ^ case should continue checking the entire string in case there are newlines in the string.

    The leap year algorithm was incorrect for getdate(3c).

    The check for the range of the input date was in the wrong place.

    PHCO_10027:

    Unacceptable degradation of collation using swedish language.

    Regular expression pattern ".*" behaves incorrectly in Japanese locale.

    memcmp tried to prefetch words from outside of valid memory page and this might cause memory core dumps. The prefetching of invalid memory words was caused by incorrect calculation of number of words to fetch and compare. This is fixed now.

    In a system with more than one set of locale libraries to be used by libc.1 and libc.2, libc.1 will use the wrong set of locale libraries for the C locale. libc.1 needs to be changed to use the locale libraries in the /usr/lib/nls/loc/locales.1 directory instead of /usr/lib/nls/loc/locales, which is a symbolic link to /usr/lib/nls/loc/locales.2 on a HP-UX 10.30 system. This patch is needed for an HP-UX 10.20 machine if that machine is being used to build applications which you intend to run on future releases of HP-UX. This patch is not needed for correct operation of programs on HP-UX 10.20 system, because /usr/lib/nls/loc/locales is a symbolic link to /usr/lib/nls/loc/locales.1.

    PHCO_9577:

    Problem is in yp_bind.c.
    The second function call to flock() has a syntax error in the parameter list. The first call to flock() is correct. When this command is given the second function call to flock() is in code which is only invoked when Talk2_binder() is called. Then it hangs.

    PHCO_8979:

    If you lock /etc/.pwd.lock using lckpwdf, there is no way to determine that it was unlocked, because ulckpwdf always returns -1.

    Allocated memory was not properly free'd by globfree() after use.

    The day of the month was being improperly adjusted for the case when the day of the week matched today.

    Pattern map was set such that it would continue matching past end of pattern.

    The maximum number of message sets allowed in a message catalog was not high enough; it has been increased to 65535.

    The tempnam(), mktemp() and mkstemp() APIs did not check for a dangling symlink before returning it and this has been fixed now.

    The strptime and getdate calls were not consistent in the manner in which they handled two digit year specifications.

    res_init() leads to the processing of the ndots option. In processing the ndots value a routine was called that could generate a recursive loop back to res_init(). During the recursive loop a memory leak would be generated. The code has been redesigned to avoid this loop condition.

    When a very large template file is used, and the getdate() routine has to search far into the file to find a matching format specifier, getdate() overran the allocated array.

    PHCO_8764:

    The fix for strcat's page boundary problem caused truncation of some strings.

    PHCO_8108:

    Poor performance of 10.X regular expression processing in comparison to 9.X.

    The affected entry points were not exported properly.

    According to X/Open, getcwd takes a second argument of type of size_t and returns EINVAL only when the second argument is 0.

    memchr tries to read beyond end of valid memory when char is not found in the string and may core dump.

The strcat call didn't handle an optimized pre-fetching strategy properly, causing the read of bytes belonging to unmapped pages.

SR:
5003423871 1653259333 1653261131 5003348011 4701389932 4701390138 4701394395 4701382374 4701389916 4701390120 4701392977 4701392969 1653261081 4701392928 4701394650 1653219691 5003422337 4701309294 1653155929 1653169615 5003338038 5003344192 1653185629 5003341271 1653189134 4701334763 5003320648 1653176883 1653192161 4701344721 1653211490 5003297861 5003274753 1653208355 5003358762 5003302299 1653204651 4701349118 1653203026 4701334763 1653214346 1653208355 1653215186 5003377606 5003355867 1653228304 1653119560 4701364653 5003392126 1653192724 4701374512 4701374470 1653214346 1653242040 4701378117 5003392126 5003380394 1653236562 5003395673 1653231456 5003413021 5003378869 5003394833 4701388462 4701389551 4701388215 5003411355 5003415513 5003419481

Patch Files:
    /usr/lib/libc.a
    /usr/lib/libp/libc.a
    /usr/lib/libpicc.a
    /usr/lib/libc.1
    /usr/lib/libdbm.1
    /usr/lib/year2000.o

what(1) Output:
    /usr/lib/libc.a:
        PATCH-PHCO_15807 for 10.20; for 10.30, 11.x compatibility libc.a_ID@@/main/r10dav/libc_dav/libc_dav_cpe/8
        /ux/core/libs/libc/archive_pa1/libc.a_ID
        Jul 16 1998 11:41:59
    /usr/lib/libp/libc.a:
        PATCH-PHCO_15807 for 10.20; for 10.30, 11.x compatibility libc.a_ID@@/main/r10dav/libc_dav/libc_dav_cpe/8
        /ux/core/libs/libc/profiled_pa1/libc.a_ID
        Jul 16 1998 11:50:37
    /usr/lib/libpicc.a:
        PATCH-PHCO_15807 for 10.20; for 10.30, 11.x compatibility libc.1_ID@@/main/r10dav/libc_dav/libc_dav_cpe/8
        /ux/core/libs/libc/shared_pa1/libc.1_ID
        Jul 16 1998 11:47:22
    /usr/lib/libc.1:
        PATCH-PHCO_15807 for 10.20; for 10.30, 11.x compatibility libc.1_ID@@/main/r10dav/libc_dav/libc_dav_cpe/8
        /ux/core/libs/libc/shared_pa1/libc.1_ID
        Jul 16 1998 11:46:22
    /usr/lib/libdbm.1:
        Mar 10 1998 - Empty shared library
    /usr/lib/year2000.o:
        None

cksum(1) Output:
    4087106741 2440024 /usr/lib/libc.a
    3961299104 2623264 /usr/lib/libp/libc.a
    3546384274 2618330 /usr/lib/libpicc.a
    3194282972 1855488 /usr/lib/libc.1
    3794055262 12292 /usr/lib/libdbm.1
    360085814 704 /usr/lib/year2000.o

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHCO_8108 PHCO_8764 PHCO_8979 PHCO_9577 PHCO_10027 PHCO_11004 PHCO_11315 PHCO_12128 PHCO_12448 PHCO_12673 PHCO_13029 PHCO_13189 PHCO_13282 PHCO_13399 PHCO_13626 PHCO_13775 PHCO_13777 PHCO_14199 PHCO_14511 PHCO_14868 PHCO_14891 PHCO_15153 PHCO_15465

Equivalent Patches: None

Patch Package Size: 9390 KBytes

Installation Instructions:
Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and limitation of liability and warranties, before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.

2. Login as root.

3. Copy the patch to the /tmp directory.

4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHCO_15807

5a. For a standalone system, run swinstall to install the patch:

        swinstall -x autoreboot=true -x match_target=true \
            -s /tmp/PHCO_15807.depot

5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients:

        swcluster -i -b

    This will invoke swcluster in the interactive mode and force all clients to be shut down.

    WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems.

    The swcluster command will invoke an swinstall session in which you must specify:

        alternate root path - default is /export/shared_root/OS_700
        source depot path - /tmp/PHCO_15807.depot

    To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar.

5c.
    For a heterogeneous NFS Diskless cluster:

        - run swinstall on the server as in step 5a to install the patch on the cluster server.
        - run swcluster on the server as in step 5b to install the patch on the cluster clients.

By default swinstall will archive the original software in /var/adm/sw/patch/PHCO_15807. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE.

Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature.

It is recommended that you move the PHCO_15807.text file to /var/adm/sw/patch for future reference.

To put this patch on a magnetic tape and install from the tape drive, use the command:

        dd if=/tmp/PHCO_15807.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
If libc patches are installed without rebooting, applications currently running which are linked shared against libc will still continue using the former version of libc. If this presents a problem to any applications, you should reboot.
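
The strcat(), memcmp() and memchr() defects described above share one pattern: a word is fetched before the remaining length is checked, so the read can cross into an unmapped page. The following is an added example, not HP's libc code: a C regression harness that places a buffer flush against a PROT_NONE guard page and runs both orderings in a child process. The names guarded_buf, find_byte and overreads and the 8-byte WORD are assumptions made for the demonstration.

```c
#define _DEFAULT_SOURCE /* MAP_ANONYMOUS under strict -std modes */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#define WORD 8 /* bytes per fetch; value assumed for this demo */

/* len-byte buffer ending exactly at a page boundary; the next page is
   PROT_NONE, so any read past the end faults. Requires len <= page size. */
static unsigned char *guarded_buf(size_t len) {
    long pg = sysconf(_SC_PAGESIZE);
    unsigned char *m = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED || mprotect(m + pg, pg, PROT_NONE) != 0) return NULL;
    memset(m, 'a', pg); /* constructed sample data */
    return m + pg - len;
}

/* Byte search in WORD-sized fetches. check_first=0 fetches a full word and
   only then looks at the count (the defect); check_first=1 bounds the fetch. */
static const unsigned char *find_byte(const unsigned char *p, int c,
                                      size_t n, int check_first) {
    volatile unsigned char w[WORD]; /* volatile: the fetch cannot be elided */
    while (n > 0) {
        size_t k = n < WORD ? n : WORD;
        for (size_t i = 0; i < (check_first ? k : WORD); i++) w[i] = p[i];
        for (size_t i = 0; i < k; i++)
            if (w[i] == (unsigned char)c) return p + i;
        p += k; n -= k;
    }
    return NULL;
}

/* Search for an absent byte in a child process. Returns 0 if the child
   finished cleanly, 1 if it did not (guard-page fault), -1 on setup error. */
static int overreads(size_t len, int check_first) {
    unsigned char *b = guarded_buf(len);
    int st;
    pid_t pid = b ? fork() : -1;
    if (pid < 0) return -1;
    if (pid == 0) _exit(find_byte(b, 'z', len, check_first) ? 2 : 0);
    if (waitpid(pid, &st, 0) < 0) return -1;
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : 1;
}

int main(void) {
    printf("fetch-first=%d check-first=%d\n", overreads(13, 0), overreads(13, 1));
    return 0;
}
```

A 13-byte buffer leaves a 5-byte tail, so the fetch-first ordering reaches three bytes into the guard page; a 16-byte buffer does not trigger the fault, which is why such defects surface only for particular lengths and alignments.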