Patch Name: PHSS_11074 Patch Description: s700_800 10.24 VirtualVault Transaction Srver A.02.00 patch Creation Date: 97/05/13 Post Date: 97/05/20 Hardware Platforms - OS Releases: s700: 10.24 s800: 10.24 Products: VirtualVault Transaction Server A.02.00 US/Canada Release (B5409AA, B5411AA) VirtualVault Transaction Server A.02.00 International Release (B5410AA, B5412AA) Filesets: VaultNES.NES-COMMON,A.02.00 VaultTS.VAULT-CORE-CMN,A.02.00 Automatic Reboot?: Yes Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHSS_11074 Symptoms: PHSS_11074: 1) Posts of multipart/form data fail, resulting in a message to the browser indicating that the post exceeded a 16k limit. 2) Customer CGI's which do not allow for full pathnames core when run via the VV2.0 TGA. PHSS_10435: 1) Disk I/O significantly increases with rising Web traffic load and subsequently slows system performance. 2) Program Integrity Code failures with TGA daemon 3) CGI execution failures auditing same generic message PHSS_10371: All POST requests have a 2 minute delay. Defect Description: PHSS_11074: 1) PHSS_10371 introduced a 16k byte data POST limitation on the NSAPI TGA client module. This patch removes that limitation to provide unlimited posting of data as the pre-PHSS_10371 TGA NSAPI module allowed. 2) Adds short pathname, VV1.0-like, CGI compatibility flag. As of version 2.0 of VVTS, poorly written CGIs core when started via the NSAPI. The reason is that the CGI is expecting a basename in argv[0], rather than a full pathname to the CGI. VV 1.0 only passed the basename in argv[0], which is inconsistent with the base Enterprise Server's normal operation. Then NSAPI TGA in VV2.0 corrected the inconsistency, and revealed some poor programming in certain customer CGI programs. This patch adds a -s1 compatibility switch to the tgad executable to allow the CGIs to run. PHSS_10435: 1) The creation of a new Unix Domain socket on the filesystem for each CGI execution becomes prohibitive during heavy load conditions. The establishment and subsequent unlinking of files causes a thrashing of the systems disk and degrades the overall performance of the machine. By switching to a single connection point throughout execution, the thrashing is eliminated. 2) The MD5 routine used to generate the Program Integrity Codes (PIC) had an extra 'byteReverse()' call in it. This made the resultant sum have the byte ordering reversed throughout the hash value. As a result, PICs from the VV 1.x versions of the product would not be usable with 2.0. 3) If the TGA daemon can not execute a given CGI request, it places a specific error message into a buffer for later auditing. This specific error message was always being overwritten by a more generic message just before the audit event was written to disk. PHSS_10371: 1) A malformed loop construct did an extra read when pulling post data from the browser into the NSAPI module. At that time, no data was available for reading. The routine would wait 2 minutes for the non-existent data to arrive and then time out. This had the effect that all POST requests would have a 2 minute delay. 2) The NSAPI routine netbuf_getc() returns a positive number on success: zero or minus one on error. By explicitly checking for 'zero', the ability to POST binary data was removed. This is not acceptable. SR: 4701349415 4701349506 4701349514 4701348870 4701354373 4701354365 Patch Files: /var/opt/vaultTS/outside/nsbase/bin/https/vvtga.so /opt/vaultTS/root/tcb/lib/tgad what(1) Output: /var/opt/vaultTS/outside/nsbase/bin/https/vvtga.so: HP VirtualVault, vvtga.so, revision A.02.00 w/ PHSS_ 10371, PHSS_11074 swp/src/gateway/cgi2/nsapi/env.c, swp_gw_client, vau ltTS_2.0 1.4 01/08/97 swp/src/gateway/cgi2/nsapi/argv.c, swp_gw_client, va ultTS_2.0 1.4.1.1 01/29/97 swp/src/gateway/cgi2/iolib/io.c, swp_gw_client, vaul tTS_2.0 1.3 01/06/97 /opt/vaultTS/root/tga/lib/tgad: HP VirtualVault, tgad, revision A.02.00 w/ PHSS_1043 5, PHSS_11074 /usr/lib/libc: $Revision: 74.9.1.16 $ cksum(1) Output: 931298314 32852 /var/opt/vaultTS/outside/nsbase/bin/https/ vvtga.so 2054700123 316378 /opt/vaultTS/root/tcb/lib/tgad Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHSS_10371 PHSS_10435 Equivalent Patches: None Patch Package Size: 410 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_11074 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHSS_11074.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHSS_11074.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_11074. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHSS_11074.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_11074.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Short Pathname Compatibility Option: The Short Pathname Compatibility Option affects the pathname stored in argv[0] during CGI invocation. In a normal CGI startup from the Netscape Enterprise/Commerce Server, argv[0] contains the fully qualified pathname to the CGI executable. VirtualVault A.01.XX changed this behavior by only passing the basename of the CGI. VirtualVault A.02.00 corrected this and, as a result, affected CGIs written to only expect a short pathname. To obtain VirtualVault A.01.XX behavior, the '-s1' switch has been added to the tgad. To make use of this option, modify the tgad entry in /etc/inittab to include the '-s1' switch in the tgad startup command.