Patch Name: PHNE_14267 Patch Description: s300_400 9.X ftp(1) and ftpd(1M) year 2000 cumulative patch Creation Date: 98/02/23 Post Date: 98/04/28 Hardware Platforms - OS Releases: s300_400: 9.00 9.03 9.10 Products: N/A Filesets: ARPA-RUN ARPA-MAN Automatic Reboot?: No Status: General Release Critical: No Path Name: /hp-ux_patches/s300_400/9.X/PHNE_14267 Symptoms: PHNE_14267: modtime command in ftp(1) does not work with files created on or after January 1, 2000. newer command in ftp(1) does not work if the remote file has been created on or after January 1, 2000 and the local file was created before January 1, 2000. PHNE_6146: (ftpd) * The PORT command would allow connections to 3rd party servers at random ports, and combined with quoted commands, could be used to mask the source IP address of that connection. (ftp) * Slow performance on fast links with large MTU sizes. (ftpd) * Users with expired passwords would be allowed access. * Slow performance on fast links with large MTU sizes. (ftpd) * Indefinite hanging of ftpd when connection is accidentally or deliberately broken. (ftp) * Indefinite hanging of ftp when connection is accidentally or deliberately broken. (ftpd) * Users specifying PORT numbers for proxy/pasv transfers could not specify tcp ports less than 1024. NOTE: PHNE_6146 reinstates this behavior. (ftpd) * The ftp "newer" command would overwrite a newer file with an older file when the source file is not over a month older than the target file. PHNE_4896: (ftpd) * Password expiration was not noticed or acted upon. * Data socket buffer size was fixed at 32 kbytes. The new default is 56 kbytes, and a new option, -B, has been added that permits selection of the size (smaller sizes for slow links like X25 and larger sizes for FDDI.) The man page includes info on using this option. PHNE_3709: (ftp) * FTP file transfer type is not reset to it's default value of ascii on disconnect. It retains the value from the last connection. PHNE_3708: (ftp) * see PHNE_3709 PHNE_3037: (ftpd) * FTP 'put' returns wrong value when attempting to write to a full file system. Wrong message given is "... No such file or directory.". Correct message should be "...No space left on device.". PHNE_2045: (ftpd) * The -u option did not work if there was a space between the -u and . * Not enough information logged into log files. Defect Description: PHNE_14267: The software was not designed with the year 2000 in mind. PHNE_6146: (ftpd) * There were no limits on the range of allowable PORTs. Now only ftp-data ports on the system originating the ftp-ctrl connection are accepted, and only non-privileged ports on that system are permitted. (ftp) * Data socket buffer size was fixed at 32 kbytes. The new default is 56 kbytes, and a new option, -B, has been added that permits selection of the size (smaller sizes for slow links like X25 and larger sizes for FDDI.) The man page includes info on using this option. (ftp) * Disconnects idle connections when TCP times out. (ftpd) * Fixed date comparison. (ftpd) * Port numbers below 1024 were rejected by the code. NOTE: PHNE_6013 re-instates this behavior to deal with avoiding uses of this ftpd for server bouncing. PHNE_4896: (ftpd) * Password expiration was not noticed or acted upon. * Data socket buffer size was fixed at 32 kbytes. The new default is 56 kbytes, and a new option, -B, has been added that permits selection of the size (smaller sizes for slow links like X25 and larger sizes for FDDI.) The man page includes info on using this option. PHNE_3709: (ftp) * FTP file transfer type is not reset to it's default value of ascii on disconnect. It retains the value from the last connection. PHNE_3708: (ftp) * see PHNE_3709 PHNE_3037: (ftpd) * FTP 'put' returns wrong value when attempting to write to a full file system. Wrong message given is "... No such file or directory.". Correct message should be "...No space left on device.". PHNE_2045: (ftpd) * Corrected parsing to permit space or no space between -u and . * Added -v option to permit verbose logging, when used in combination with the -l logging option. SR: 4701383638 4701298950 1653035428 5000685289 5003165050 5003053928 1653107953 4701223032 5000692228 5000698373 4701175208 Patch Files: /usr/bin/ftp /etc/ftpd /usr/man/man1.Z/ftp.1 /usr/man/man1m.Z/ftpd.1m what(1) Output: /usr/bin/ftp: Copyright (c) 1985, 1989 Regents of the University o f California. main.c based on 5.13 (Berkeley) 3/14/89 Revision 1.1.109.2 Wed Oct 18 16:40:00 GMT 1995 PATCH_9.X PHNE_14267: $Revision: 1.1.109.2 $ cmds.c 5.18 (Berkeley) 4/20/89 cmdtab.c 5.9 (Berkeley) 3/21/89 ftp.c 5.28 (Berkeley) 4/20/89 glob.c 5.7 (Berkeley) 12/14/88 ruserpass.c 5.1 (Berkeley) 3/1/89 domacro.c 1.6 (Berkeley) 2/28/89 /etc/ftpd: Copyright (c) 1985, 1988 Regents of the University o f California. ftpd.c $Revision: 1.25.109.9 $ $Date: 95/10/18 13:12 :01 $ ftpd.c based on 5.28 (Berkeley) 4/20/89 Revision 1.7.109.3 Wed Oct 18 19:43:17 GMT 1995 PATCH_9.X PHNE_14267: $Revision$ ftpcmd.y 5.20 (Berkeley) 2/28/89 ftpcmd.y $Revision: 1.11.109.4 $ $Date: 95/10/18 13: 22:43 $ glob.c 5.7 (Berkeley) 12/14/88 popen.c $Revision: 1.7.109.2 $ $Date: 95/10/18 13:22 :50 $ popen.c 5.7 (Berkeley) 2/14/89 logwtmp.c 5.2 (Berkeley) 9/22/88 /usr/man/man1.Z/ftp.1: None /usr/man/man1m.Z/ftpd.1m: None sum(1) Output: 3668 122 /usr/bin/ftp 58294 103 /etc/ftpd 6674 21 /usr/man/man1.Z/ftp.1 34094 14 /usr/man/man1m.Z/ftpd.1m Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_2045 PHNE_3037 PHNE_3708 PHNE_3709 PHNE_4896 PHNE_6146 Equivalent Patches: None Patch Package Size: 190 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Copy the patch to your /tmp directory and unshar it: cd /tmp cp patch_source/PHNE_14267 . sh PHNE_14267 3. Become root and run update: /etc/update [-r [kernel_gen_file]] -s \ /tmp/PHNE_14267.updt PHNE_14267 Update moves the original software to /system/PHNE_14267/orig. Keep this file to recover from any potential problems. You should move the .text file to /system/PHNE_14267 for future reference. To put this patch on a magnetic tape and update from the tape drive, use dd: dd if=PHNE_14267.updt of=/dev/rmt/0m bs=2048 Special Installation Instructions: NOTE: This patch disables proxy transfers.