Patch Name: PHCO_8760

Patch Description: s700 9.X libc cumulative patch

Creation Date: 96/10/03

Post Date: 96/11/29

Hardware Platforms - OS Releases:
    s700: 9.01 9.03 9.05 9.07

Products: N/A

Filesets: C-MIN CORE-SHLIBS

Automatic Reboot?: No

Status: General Release

Critical: Yes
    PHCO_8760: CORRUPTION
    PHCO_7747: MEMORY_LEAK
    PHCO_4993: HANG
    PHCO_4370: HANG
    PHCO_4094: MEMORY_LEAK
    PHCO_2679: ABORT
    PHCO_2010: MEMORY_LEAK
    PHCO_1689: ABORT

Path Name: /hp-ux_patches/s700/9.X/PHCO_8760

Symptoms:
    PHCO_8760:
    Random truncation of strings with strcat due to fix attempted
    in PHCO_8300.

    PHCO_8300:
    getcwd returns EINVAL when a negative buflen is passed in.

    memchr may core dump when char is not found.

    Sometimes strcat would attempt to access an unmapped page of
    memory.

    - When converting from SJIS to Japanese EBCDIC, iconv(3c)
      outputs a 0xf as the first byte if the first character of
      the input file is an ASCII character.
    - This defect in iconv(3c) also manifests itself in iconv(1).

    PHCO_7747:
    Fix memory leak in closedir(), originally fixed in libc patch
    PHCO_4094, but subsequent changes caused defect to occur again.
    This was causing tar to fail when it ran out of memory on
    operations on large numbers of files.

    If an application has a directory open (via opendir()) and
    deletes files from the directory while traversing it (using
    readdir()), then telldir() and seekdir() may get out of sync,
    causing subsequent readdir()'s to work incorrectly. This fix
    was originally in PHCO_3788, but was dropped when subsequent
    changes were made.

    Inefficient sequential searches of services.byname NIS map
    carried out during a getservbyport() call under some
    conditions.

    PHCO_7155:
    catgets cannot access catalog sets greater than 255.

    PHCO_6780:
    Undocumented behavior for strncpy was missing.

    qsort performs very badly on sorted blocks of data - customer
    found that qsort on a file with 100,000 randomly sorted records
    took seconds, whereas a file of 100,000 records containing
    large sorted blocks took over an hour to sort.

    PHCO_6597:
    Incorporates fix for automounter with ClearCase hang. Calls to
    update_mountab will no longer hang for these file systems.

    PHCO_6425:
    Fixes bad patch PHCO_6401

    PHCO_6401:
    Applications calling strncpy() may core dump at page boundary
    between a valid and an invalid page.

    PHCO_6191:
    Fixes dial (3C), getgrent (3C), getpwent (3C) and getmount.

    Fixes stack overrun defect in syslog.

    PHCO_5791:
    RPC_TIMEOUT occurs when an unsupported version request is sent
    to the portmap process.

    Race conditions when using msemlock and msemunlock functions.

    Cu doesn't support DATAKIT, uucp does. Customer can establish
    (and has established) UUCP connections via DATAKIT. However,
    should the UUCP or UUTRY attempt fail, he cannot use cu to
    troubleshoot the problem.

    PHCO_5530:
    When the name service switch feature is configured for a
    fallback between /etc/hosts and DNS, then there may be bogus
    aliases added to the response to a query for gethostbyaddr().

    Possible corruption of the h_name field of the hostent returned
    by gethostbyname(), when the gethostbyname() parameter contains
    an IP address.

    When there are a large number of users in a NIS (YP)
    environment in a single domain, the performance of password
    lookups and logins may be slow.

    PHCO_5430:
    Some syslog entries do not get written to the log file.

    The strncpy(3c) function fails with "segmentation violation"
    when (a) the source string ends on a page boundary, (b) the
    page following the source string has not been allocated to the
    process, and (c) the source and destination pointers are not
    aligned the same.

    PHCO_5339:
    The regcomp(3c) and regexec(3c) functions do not handle
    alternation correctly when the subexpressions are reversed.

    The regexec(3c) function did not properly find a match when the
    REG_NEWLINE flag is used and a BOL anchor is part of the
    expression.

    Calling setusershell(3c) may cause data corruption in the
    user's heap area.

    The routines in the password entry family of routines may
    encounter various problems (core dumps, corrupted heap--such as
    malloc structures, etc.) on systems using NIS.

    PHCO_5222:
    When using the %V format descriptor with strftime(3c), the
    count for the number of weeks is incorrect when processing
    week 1. This problem can be demonstrated in applications that
    use strftime(3c) or date(1).

    PHCO_5153:
    The way ypbind works is that it tries to use version 2 NIS
    protocol. If this fails, it tries to use version 1 protocol.
    If NIS version 1 also fails, then ypbind at 9.X does not retry
    version 2. This patch is an enhancement to ypbind such that it
    retries NIS version 2 again.

    xdr_free() performance is slow when releasing a large chained
    list or a large data structure that has been malloc'ed by an
    rpc client or server call.

    PHCO_5056:
    Fixes incomplete patch PHCO_4993.

    PHCO_4993:
    Calls to malloc for greater than 1Gb of memory fail with
    ENOMEM.

    Calls to opendir with device files and pipes hang.

Defect Description:
    PHCO_8760:
    The fix for strcat's page boundary problem caused truncation of
    some strings.

    PHCO_8300:
    According to X/Open, getcwd takes a second argument of type
    size_t and returns EINVAL only when the second argument is 0.

    memchr tries to read beyond end of valid memory when char is
    not found in the string and may core dump.

    The strcat call didn't handle an optimized pre-fetching
    strategy properly, causing the read of bytes belonging to
    unmapped pages.

    The conversion algorithm from SJIS to Japanese EBCDIC did not
    correctly handle the case where an input file begins with an
    ASCII character.

    PHCO_7747:
    Needed to coordinate allocation / deallocation strategy for
    opendir() / closedir().

    Telldir() and seekdir() may get out of sync when a directory
    was deleted.
    This fix was originally in PHCO_3788, but was dropped when
    subsequent changes were made.

    The code has been enhanced to avoid sequential searches
    wherever possible. An NIS map sequential search will now only
    be triggered if no protocol parameter was passed to
    getservbyport() AND the specified port number does not exist in
    the services.byname map with either the tcp or udp protocol
    string.

    PHCO_7155:
    Added support for catgets to access message sets from 256 to
    1023. General support for creating catalogs with these sets
    will be added in a future release.

    PHCO_6780:
    Added support back for an undocumented strncpy behavior which
    had been previously removed for performance reasons.

    qsort needed to pick an alternate pivot point when detecting
    sorted or partially sorted data in order to improve poor
    performance.

    PHCO_6597:
    automounter hangs with Atria's ClearCase product.

    PHCO_6425:
    Unaligned strings cause bus errors for programs.

    PHCO_6401:
    Unaligned strings cause bus errors for programs.

    PHCO_6191:
    Netgroup exclusion in the password file doesn't work correctly.

    The NFS automount daemon hangs and the /etc/mnttab is held
    locked by automount. No new mounts/unmounts can take place.
    This happens when the system is running a third party VFS such
    as the ClearCase file system.

    Cu doesn't support DATAKIT.

    PHCO_5791:
    The portmap RFC states that the portmap process should not
    respond to an unsupported version request. However, everyone's
    portmap process does. This has led customers to expect the
    portmap process to respond with an RPC_VERSIONMISMATCH instead
    of RPC_TIMEOUT.

    Race conditions when using msemlock and msemunlock functions.

    Cu calls dial() in libc to establish connections. Support for
    datakit was not available in dial() for HPUX 9.x.

    PHCO_5530:
    When the last entry in /etc/hosts has aliases and the switch
    feature allows the use of files prior to dns, then the pointers
    to aliases may still point to portions of the host line buffer.
    Calling gethostbyaddr() in this situation and examining the
    aliases list should reveal the problem.

    The case where gethostbyname() resolves a name passed as an IP
    address incorrectly sets the h_name field in the hostent
    structure to point directly to the passed parameter. Thus if
    the parameter was an automatic variable and the hostent
    structure was global relative to the parameter, or the variable
    used as the parameter is modified prior to the use of the
    h_name field, then the h_name field will be modified too. This
    is an old defect and is inherited from standard BSD code, but
    has recently been noticed.

    The initgroups(3C) routine takes a long time to find the
    requested information in a large NIS (YP) environment.

    PHCO_5430:
    The syslog(3c) function does not take adequate measures to
    avoid losing messages when the pipe is full.

    The strncpy(3c) function reads an extra word from memory which
    may lead to an application abort if the address is out of the
    current allocated heap space.

    PHCO_5339:
    The regcomp(3c)/regexec(3c) functions do not handle the
    alternation expression correctly when one of the subexpressions
    contains a negated bracket expression
    (i.e. (([^a-c])|[x-z]))[d-f] ). The bracket expressions
    following the bracket subexpression [^a-c] will be incorrectly
    negated.

    The regcomp(3c)/regexec(3c) functions were not properly
    matching newline conditions when the flag REG_NEWLINE has been
    set and an anchor character is involved.

    A routine called by setusershell() writes one byte more to the
    memory block than was originally allocated.

    A call to getpwent(3c) on a system with NIS may free a malloc
    block without recording this action. Future calls to any
    routines in this family may attempt to free the same block a
    second time.

    PHCO_5222:
    The %V format descriptor in the strftime(3c) function returned
    an incorrect value for the week number for the first week of
    the year.

    PHCO_5153:
    Yp_bind tries to use version 1 protocol.
    If NIS version 1 also fails, then ypbind at 9.X does not retry
    version 2. This patch is an enhancement to ypbind such that it
    retries NIS version 2 again, if NIS version 1 fails.

    The rpc/xdr modules maintain a linked list of memory addresses
    that have been allocated by rpc/xdr. As the linked list grows
    in size, more time is needed to search the list when releasing
    memory via xdr_free().

    PHCO_5056:
    This patch corrects patch PHCO_4993 for malloc(3c).

    PHCO_4993:
    The malloc(3c) function would test for memory requests > 1Gb
    and flag them as illegal requests. This is not a problem with
    most applications; however, applications built with the linker
    option '-N' would be limited to memory requests of less than
    1Gb per call.

    The opendir(3c) function could hang when passed a device file
    or a named pipe.

    PHCO_4929:
    Fixed problem where a call to gethostbyname(3N) or
    gethostent(3N) would corrupt the hostent structure when the
    requested hostname resulted in many addresses (~30 or more)
    being returned from the nameserver.

    Fixed rpcinfo reporting to conform to standard behavior.

    PHCO_4875:
    Fixed RPC Portmapper to prevent unwanted errors reported from
    udp broadcast protocols.

    Allow RPC execution on a standalone machine by using the
    loopback address.

    PHCO_4666:
    Fixed mktime(3C) to be XPG4 conformant.
    Fixed SIGSEGV in sscanf(3S) for code compiled +ESlit.
    Fixed directory(3C) routines for non standard block size
    directories.
    Fixed a permissions problem in authunix_create(3N).
    Fixed getpwent(3C) routines to handle blank lines.
    Fixed getgrent(3C) routines to handle blank lines.

    PHCO_4370:
    Fixed rpc code which would hang when an application repeatedly
    received a signal while a function which uses rpc over udp
    (such as getservbyname()) was executing.

    Narrowed the acceptance of IP addresses by gethostbyname() to
    true dotted quads with appropriate values. Any variations will
    now be treated as a host name.

    Corrects a problem where using 127.0.0.1 in resolv.conf would
    hang and cause other nameservers in resolv.conf not to be
    tried.

    Corrects a masking problem in inet_makeaddr(), where a network
    broadcast address would fail.

    PHCO_4186:
    Added missing RPC routine clnt_create_vers(3C).

    PHCO_4094:
    Fixed memory leak in closedir(3C).

    PHCO_3990:
    Fixes a problem where "program not registered" error was
    returned from clnt_create(3C) even though the call was
    successful.

    PHCO_3882:
    Solves a problem of tcp connections being left open after a
    successful yp_all(3C) call. If yp_all(3C) is called enough
    times, it will use up all file descriptors available to the
    process.

    PHCO_3876 (initially released as a s800 patch):
    closedir() was not closing the directory opened by opendir(),
    so a process that called the directory(3C) routines would
    eventually run out of available file descriptors.

    PHCO_3788 (initially released as a s800 patch):
    If an application has a directory open (via opendir()) and
    deletes files from the directory while traversing it (using
    readdir()), then telldir() and seekdir() may get out of sync,
    causing subsequent readdir()'s to work incorrectly.

    PHCO_3703:
    Allows gethostbyXXX() routines to be configurable in using name
    services.

    PHCO_3400:
    This patch fixes a problem in a family of routines:
    getwchar(3C), fgetwc(3C), putwchar(3C), fputwc(3C) and
    ungetwc(3C). Japanese EUC codeset 2 (Hankaku Katakana or
    JISX0201) characters are not properly converted from multibyte
    to wide character format, and vice-versa. No other locales are
    affected by this problem.

    PHCO_3189:
    This patch fixes a problem in dynamically linked commands (e.g.
    /etc/umount and /etc/syncer) where the /etc/mnttab entry for an
    HP OmniStorage filesystem was not being updated properly.

    PHCO_3124:
    This patch corrects a bug in getnetgrent(3C) where continuation
    lines in /etc/netgroup were not handled properly.

    PHCO_2820:
    This patch corrects the following problems in strftime(3C):

    1. Fixes "%U" and "%W" output for all dates. Previously, when
       January 1st fell on the first day of the week, the
       conversions for the "%U" and "%W" specifiers were off by 1.

    2. Fixes return value when buffer length passed to strftime(3C)
       was exactly large enough to hold the formatted output.
       Previously, strftime(3C) would return 0 indicating failure,
       when in fact there was sufficient room in the buffer to hold
       the output.

    PHCO_2679:
    free() causes core dumps when mx_fast is set or when there are
    a high number of blocks.

    PHCO_2638:
    Lines in the /etc/exportfs file that are longer than 1023
    characters will be truncated when read due to a defect in
    exportent(3N). This can cause exportfs(1M) to fail.

    PHCO_2405:
    Problem: Beginning with release 9.01, when the directory(3C)
    functions are used on a directory residing in a file system
    with a non standard block size, telldir() returns -1 with errno
    set to ENOENT and seekdir() sets errno to ENOENT. This patch
    corrects the problem so that telldir() and seekdir() work
    correctly on all file systems. This problem may be seen when
    accessing a third party file system such as ClearCase with
    SoftBench.

    PHCO_2278:
    The following incorrect behaviors for the getcwd() function
    have been corrected as follows:

    1. Allow the valid return of the current working directory when
       said directory has a search only protection code (mode 111).

    2. Improve caching of current working directory when multiple
       getcwd() calls are made.

    3. Correct potential data corruption problem. getcwd() was
       ignoring the length parameter being passed to it.

    PHCO_2010:
    This patch corrects two problems with getdate(3C):

    1. getdate() does not close a file that it opens. getdate()
       opens the file specified by the environment variable
       "DATEMSK", however it does not close the file when it is
       done. If getdate() is called enough times, it will use up
       all file descriptors available to the process.

    2. getdate() leaks memory. getdate() does not release the
       dynamically allocated data structures that it uses.

    PHCO_1762:
    1. The printf(3S) '%S' conversion specifier does not convert
       Japanese EUC codeset 2 characters properly. This patch fixes
       the printf family of routines (fprintf, sprintf, vprintf,
       etc.)

    2. A call to getgrent(3C) will core dump if /etc/group or
       /etc/logingroup contains an entry of the form: "+::" and the
       Network Information Service (NIS or YP) is not enabled.

    PHCO_1689:
    getpwnam(3C) will generate a SIGBUS error and core dump when
    passed an NIS-excluded name found in /etc/passwd, e.g. an entry
    like "-name:*:0:0:::".

SR:
    5003262022 5003313759 4701328161 1653150177 5003306746
    5003294843 5003285221 1653123653 5003173963 5003249490
    4701286187 1653121954 5003247882 1653119107 1653112094
    1650144907 1653019455 1653056788 1653067611 4701190009
    5000621557 5000682856 5000691105 5000695916 5003056952
    5003080218 5003082958 5003104695 5003120675 5003122614
    5003125310 5003136721 5003172734 5003173351 1653067421
    5003163642 1653085373 5003154088 5000696393 5003123778
    5003156844 5003181420 4701265157 5003192435 1653028837
    1653104638 5003130245 1653110056 1653102079 5003235648
    5003233056 4701285791 4701290700 5003260257 5003285221

Patch Files:
    /lib/libc.a
    /lib/libc.sl

what(1) Output:
    /lib/libc.a:
        PATCH/9_0 PHCO_8760 $Revision: 72.26.1.125 $
        9.X nsswitch patch Rev B
        PATCH_9.X svc.c
    /lib/libc.sl:
        9.X nsswitch patch Rev B
        PATCH/9_0 PHCO_8760 $Revision: 72.26.1.125 $
        PATCH_9.X svc.c

sum(1) Output:
    64212 3312 /lib/libc.a
    31580 2272 /lib/libc.sl

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHCO_1689 PHCO_1762 PHCO_2010 PHCO_2278 PHCO_2405 PHCO_2638
    PHCO_2679 PHCO_2820 PHCO_3124 PHCO_3189 PHCO_3400 PHCO_3703
    PHCO_3882 PHCO_3990 PHCO_4094 PHCO_4186 PHCO_4370 PHCO_4666
    PHCO_4875 PHCO_4929 PHCO_4993 PHCO_5056 PHCO_5153 PHCO_5222
    PHCO_5339 PHCO_5430 PHCO_5530 PHCO_5791 PHCO_6191 PHCO_6401
    PHCO_6425 PHCO_6597
    PHCO_6780 PHCO_7155 PHCO_7747 PHCO_8300

Equivalent Patches:
    PHCO_8761: s800: 9.00 9.04

Patch Package Size: 2850 Kbytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license, restrictions,
    and limitation of liability and warranties, before installing
    this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Copy the patch to your /tmp directory and unshar it:

           cd /tmp
           cp patch_source/PHCO_8760 .
           sh PHCO_8760

    3. Become root and run update:

           /etc/update [-r [kernel_gen_file]] -s \
               /tmp/PHCO_8760.updt PHCO_8760

    Update moves the original software to /system/PHCO_8760/orig.
    Keep this file to recover from any potential problems. You
    should move the .text file to /system/PHCO_8760 for future
    reference.

    To put this patch on a magnetic tape and update from the tape
    drive, use dd:

           dd if=PHCO_8760.updt of=/dev/rmt/0m bs=2048

Special Installation Instructions:
    If a prior libc patch has been installed and the system has not
    been rebooted prior to the installation of this patch, then
    rename the file '/lib/libc.sl.install' to
    '/lib/libc.sl.install.1'. After the next reboot of the system,
    remove the file '/lib/libc.sl.install.1'.