Patch Name: PHNE_10011 Patch Description: s700_800 10.20 kftpd(1M) cumulative patch Creation Date: 97/01/31 Post Date: 97/02/07 Repost: 97/02/14 The patch documentation was modified to reference an additional Service Request, SR 4701334763. The files included in the patch were not modified. Hardware Platforms - OS Releases: s700: 10.20 s800: 10.20 Products: N/A Filesets: InternetSvcSec.INETSVCS-SEC InternetSvcSec.ISEC-ENG-A-MAN Automatic Reboot?: No Status: General Superseded Critical: Yes PHNE_10011: OTHER A timing problem could occur on receipt of a simultaneous data close and ABORT. Path Name: /hp-ux_patches/s700_800/10.X/PHNE_10011 Symptoms: PHNE_10011: (kftpd) * A ftp client could interrupt a data transfer by sending a data close and an ABORT. A timing problem has been observed on the kftpd side. PHNE_9786: (kftpd) * ftpd returns a 550 after an NLST when the file is not found. * Privileged ports cannot be specified as a part of the PORT command. * An error message "You've GOT to be joking" is displayed when a client specifies a privileged port as a data-port. * The command modtime displays incorrect date and time for some dates. Defect Description: PHNE_10011: (kftpd) * kftpd has been fixed to handle a simultaneous data close and ABORT appropriately. PHNE_9786: (kftpd) * ftpd returns a 550 after a NLST when a file is not found. The return code was changed to 450 per RFC 959. * An option "-p" has been added. The PORT command can now specify a privileged port as a data-port if this option is set. * The error message "You've GOT to be joking" has been replaced by "Port command failure". * The command modtime now behaves correctly. SR: 4701346098 5003343970 5003344846 5003322867 4701334763 Patch Files: /usr/lbin/kftpd /usr/share/man/man1m.Z/kftpd.1m what(1) Output: /usr/lbin/kftpd: Copyright (c) 1985, 1988 Regents of the University o f California. ftpd.c based on 5.28 (Berkeley) 4/20/89 Secure Internet Svcs - Revision 1.7.212.1 Sat Feb 1 01:30:15 GMT 1997 ftpcmd.y 5.20 (Berkeley) 2/28/89 glob.c 5.7 (Berkeley) 12/14/88 popen.c 5.7 (Berkeley) 2/14/89 logwtmp.c 5.2 (Berkeley) 9/22/88 /usr/share/man/man1m.Z/kftpd.1m: (none) cksum(1) Output: 414554285 507904 /usr/lbin/kftpd 1804873779 7823 /usr/share/man/man1m.Z/kftpd.1m Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_9786 Equivalent Patches: None Patch Package Size: 560 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_10011 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_10011.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_10011.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_10011. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_10011.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_10011.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: 1. Disable the InternetSvcSec product using the command "/usr/sbin/inetsvcs_sec disable" 2. Install patch. 3. Enable the product using command "/usr/sbin/inetsvcs_sec enable".