Patch Name: PHCO_29027

Patch Description: s700_800 11.00 libsec cumulative patch

Creation Date: 03/05/23

Post Date: 03/06/23

Hardware Platforms - OS Releases:
	s700: 11.00
	s800: 11.00

Products: N/A

Filesets:
	OS-Core.UX-CORE,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	ProgSupport.PROG-MIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	OS-Core.CORE-SHLIBS,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	OS-Core.CORE-64SLIB,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	ProgSupport.PROG-MN-64ALIB,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical:
	No (superseded patches were critical)
	PHCO_24542: ABORT
	PHCO_23422: OTHER
		Reduces potential severe performance impact on a
		Trusted System with a very large I/O buffer cache
		and heavy I/O; the system may appear to be hung.

Category Tags:
	defect_repair general_release critical halts_system

Path Name: /hp-ux_patches/s700_800/11.X/PHCO_29027

Symptoms:
	PHCO_29027:
	(SR: 8606212549 CR: JAGad81735)
	remshd and ftpd can intermittently fail under
	heavy loads on a trusted system.

	PHCO_24542:
	(SR: 8606107314 CR: JAGab77493)
	On a trusted system, certain devices do not lock
	properly.

	(SR: 8606206706 CR: JAGad75879)
	On a trusted system, libsec could core dump when
	called by a multithreaded application.

	PHCO_23422:
	(SR: 8606180704 CR: JAGad49925)
	There are severe login delays on a Trusted System with a
	large I/O buffer cache; the system appears to be hung.

	(SR: 8606176050 CR: JAGad45290)
	Libsec could core dump in rare circumstances.

	This patch also removes the change that was done in the
	previous libsec patch - PHCO_20771, since that patch does
	not fix the problem it was intended to fix. That problem
	has now been fixed in inetd patch PHNE_21835.

	PHCO_20771:
	(SR: 8606124802 CR: JAGac40194)
	Child inetd process hangs for non-root service on trusted
	11.0 system with PHNE_17027 installed.

	PHCO_17622:
	(SR: 1653271601 CR: JAGaa51497)
	Login cannot obtain database info for some pty terminals.

Defect Description:
	PHCO_29027:
	(SR: 8606212549 CR: JAGad81735)
	remshd and ftpd can intermittently fail under
	heavy loads on a trusted system.

	Resolution:
	Fixed a timing problem in libsec.

	PHCO_24542:
	(SR: 8606107314 CR: JAGab77493)
	On a trusted system, certain devices do not lock
	properly, because libsec improperly identifies
	them as pseudo-devices.

	Resolution:
	Updated the pseudo-device identification algorithm.

	(SR: 8606206706 CR: JAGad75879)
	On a trusted system, a multithreaded application may
	coredump if it calls libsec with more than one thread.
	Libsec does not support two or more simultaneous threads,
	however, a coredump could occur even in the case where
	the threads are not simultaneous.

	Resolution:
	Libsec now properly handles two or more non-simultaneous
	threads.

	PHCO_23422:
	(SR: 8606180704 CR: JAGad49925)
	A login to a Trusted System with a very large buffer cache
	can take an extremely long time, because libsec sync's the
	entire buffer cache each time it updates the /tcb database.

	Resolution:
	Libsec no longer sync's the entire buffer cache when it
	updates the /tcb database. Now it syncs only the database
	files which were modified.

	(SR: 8606176050 CR: JAGad45290)
	A buffer allocated in libsec is too small and could cause
	a core dump.

	Resolution:
	Increased the size of a buffer that could overflow.

	PHCO_20771:
	(SR: 8606124802 CR: JAGac40194)
	Customer has a process spawned by inetd that needs to run
	as a non-root user. The environment is trusted HP-UX 11.0.
	After installing PHNE_17027, when a request for the
	non-root service arrives, inetd forks a child which hangs
	prior to exec'ing the appropriate executable.
	The problem is because some libsec functions leave the
	"default file" file pointer open after returning, and
	think the file pointer is still opened and usable after
	someone else (inetd in this case) closes all opened file
	descriptors.

	Resolution:
	The relevant libsec functions now close the "default file"
	file pointer (via a endprdfent call) before returning.

	PHCO_17622:
	(SR: 1653271601 CR: JAGaa51497)
	Missing pty entries in /tcb/files/ttys and devasign files.

	Resolution:
	The fix is for libsec to generate the pty structures needed
	by the caller routines without looking up the databases.
	The ttys and devassign files were never intended for ptys.

Enhancement:
	No

SR:
	8606124802 1653271601 5003431114 8606180704 8606176050
	8606107314 8606206706 8606212549

Patch Files:
	
	OS-Core.UX-CORE,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/nls/msg/C/libsec.cat

	ProgSupport.PROG-MIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/libsec.a

	OS-Core.CORE-SHLIBS,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/libsec.2

	OS-Core.CORE-64SLIB,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/pa20_64/libsec.2

	ProgSupport.PROG-MN-64ALIB,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/pa20_64/libsec.a

what(1) Output:
	
	ProgSupport.PROG-MIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/libsec.a:
		PHCO_29027

	OS-Core.UX-CORE,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/nls/msg/C/libsec.cat:
		None

	OS-Core.CORE-SHLIBS,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/libsec.2:
		PHCO_29027

	OS-Core.CORE-64SLIB,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/pa20_64/libsec.2:
		PHCO_29027

	ProgSupport.PROG-MN-64ALIB,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/pa20_64/libsec.a:
		PHCO_29027

cksum(1) Output:
	
	ProgSupport.PROG-MIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	4044042193 124716 /usr/lib/libsec.a

	OS-Core.UX-CORE,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	83746606 416 /usr/lib/nls/msg/C/libsec.cat

	OS-Core.CORE-SHLIBS,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	2081998737 147456 /usr/lib/libsec.2

	OS-Core.CORE-64SLIB,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	2926746879 141080 /usr/lib/pa20_64/libsec.2

	ProgSupport.PROG-MN-64ALIB,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	3516493735 228546 /usr/lib/pa20_64/libsec.a

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
	PHCO_17622 PHCO_20771 PHCO_23422 PHCO_24542

Equivalent Patches:
	PHCO_29028:
	s700: 11.11
	s800: 11.11

Patch Package Size: 250 KBytes

Installation Instructions:
	Please review all instructions and the Hewlett-Packard
	SupportLine User Guide or your Hewlett-Packard support terms
	and conditions for precautions, scope of license,
	restrictions, and, limitation of liability and warranties,
	before installing this patch.
	------------------------------------------------------------
	1. Back up your system before installing a patch.

	2. Login as root.

	3. Copy the patch to the /tmp directory.

	4. Move to the /tmp directory and unshar the patch:

		cd /tmp
		sh PHCO_29027

	5. Run swinstall to install the patch:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -s /tmp/PHCO_29027.depot

	By default swinstall will archive the original software in 
	/var/adm/sw/save/PHCO_29027.  If you do not wish to retain a
	copy of the original software, include the patch_save_files
	option in the swinstall command above:

		-x patch_save_files=false

	WARNING: If patch_save_files is false when a patch is installed,
		 the patch cannot be deinstalled.  Please be careful
		 when using this feature.

	For future reference, the contents of the PHCO_29027.text file is 
	available in the product readme:

		swlist -l product -a readme -d @ /tmp/PHCO_29027.depot

	To put this patch on a magnetic tape and install from the
	tape drive, use the command:

		dd if=/tmp/PHCO_29027.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None