Patch Name: PHCO_30269

Patch Description: s700_800 11.11 cumulative sh-posix(1) patch

Creation Date: 04/05/19

Post Date: 04/06/15

Repost: 04/08/03 
	The Symptoms, Defect Description, and SR fields were
	modified to add information about an additional issue
	addressed by PHCO_27345.  The issue documented in Service
	Request 8606215422 (JAGad84609) is addressed by PHCO_27345. 

Hardware Platforms - OS Releases:
	s700: 11.11
	s800: 11.11

Products: N/A

Filesets:
	OS-Core.CORE-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP
	OS-Core.UX-CORE,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical:
	Yes
	PHCO_30269: ABORT HANG MEMORY_LEAK
		sh-posix shell dumps core if the arguments contains
		illegal multibyte characters.
		Shell script communicating with a coprocess might
		hang.
		Fix for sh-posix(1) memory leaks with "set -A".
	PHCO_27345: CORRUPTION MEMORY_LEAK HANG
		Fix for sh-posix(1) stack corruption
		while expanding an argument of length
		2046 characters inside here-documents.
		Fix for sh-posix(1) memory corruption in
		emacs mode of editing.
		Fix for memory leakage in sh-posix(1) when
		$! is used in a loop.
		Fix for sh-posix(1) hang when shell tries
		to output long strings (>1024 bytes) in a
		multibyte environment.
	PHCO_27017: HANG
		This patch fixes the problem when sh-posix
		receives a read error after receiving a
		SIGWINCH. Previously it used to hang for
		above condition
	PHCO_25597: OTHER HANG
		This patch fixes the problem of the posix shell
		hanging when directory names involving symbolic
		links are parsed.
		This patch also fixes the POSIX shell to adhere
		to ISOC standards by recognizing octal and hexa
		decimal notations.

Category Tags:
	defect_repair enhancement general_release critical
	halts_system corruption memory_leak

Path Name: /hp-ux_patches/s700_800/11.X/PHCO_30269

Symptoms:
	PHCO_30269:
	( SR:8606343885 CR:JAGaf04737 )
	sh-posix(1) scripts using coprocess can occasionally hang.

	( SR:8606343892 CR:JAGaf04744 )
	Job control does not work in sequential lists.

	( SR:8606343893 CR:JAGaf04745 )
	Shell might overwrite existing files even when noclobber
	option is set.

	( SR:8606350160 CR:JAGaf10981 )
	sh-posix(1) shell dumps core if the arguments contains
	any illegal multibyte characters.

	( SR:8606350935 CR:JAGaf11747 )
	Using $(..) or `..` with data length of 1022 characters in
	sh-posix(1) script can cause part of the data to be lost.

	( SR:8606352477 CR:JAGaf13282 )
	"set -A" leaks memory in sh-posix(1) shell.

	PHCO_28832:
	( SR:8606303907 CR:JAGae67257 )
	On sh-posix(1), when a signal - 0 is sent to a stopped
	process using the built-in kill command (kill -s 0 <pid>),
	it continues to run.

	( SR:8606312643 CR:JAGae75459 )
	When the kernel tunable - maxdsiz is set to a value
	greater than 0x7fffffff, the sh-posix(1) built-in
	ulimit, displays incorrect results.

	( SR:8606234492 CR:JAGae03690 )
	Under certain conditions, sh-posix(1) executes a different
	script than it was intended to, when the script to be
	executed had #!/usr/bin/ksh as the interpreter.

	( SR:8606300146 CR:JAGae63614 )
	When sh-posix(1) is invoked with -c option, the built-in
	command - trap, does not behave as expected if called
	after execution of a non-built-in command.

	( SR:8606309659 CR:JAGae72534 )
	On sh-posix(1), when a function returns using the built-in
	return with ampersand (return &) and the script is executed
	with the built-in dot command (. ./script), commands after
	returning from the function are executed twice.

	( SR:8606333394 CR:JAGae94483 )
	Expressions in - let "..", $((..)), ((..)) are processed
	as per ISO C standards in sh-posix(1). Numbers beginning
	with 0 are treated as octal and 0x/0X are treated as
	hexadecimals. This causes certain scripts to fail.

	PHCO_27345:
	( SR:8606276501 CR:JAGae40579 )
	sh-posix(1) corrupts memory in emacs mode of editing.

	( SR:8606204395 CR:JAGad73577 )
	sh-posix(1) handles the cursor incorrectly when the
	prompt string has escape sequences.

	( SR:8606277532 CR:JAGae41602 )
	sh-posix(1) with '-c' option, leaves temporary
	files when here-document is used in functions.

	( SR:8606269405 CR:JAGae33640 )
	echo(1) built-in command of sh-posix(1) hangs
	when long multi-byte input is processed.

	( SR:8606290665 CR:JAGae54511 )
	sh-posix(1) stops waiting for kill -STOP child
	processes.

	( SR:8606274899 CR:JAGae38976 )
	Memory leakage in sh-posix(1) when using $! in a loop.

	( SR:8606287774 CR:JAGae51707 )
	Macro expansion in sh-posix(1) fails with an argument
	of length 2046 characters.

	( SR:8606285956 CR:JAGae49897 )
	sh-posix(1) does not handle the file-system related
	failures correctly.

	( SR:8606272215 CR:JAGae36355 )
	With a script having arrays, sh -n <script> reports
	the error message "specified subscript cannot be
	greater than 1024".

	( SR:8606215422 CR:JAGad84609 )
	sh-posix shell running a script having few background
	processes might hang.

	PHCO_27017:
	( SR:8606234035 CR:JAGae03256 )
	sh-posix shell script intermittently exits with a message
	"Invalid multibyte characters" when reading valid Japanese
	text.

	( SR:8606261003 CR:JAGae25325 )
	sh-posix shell can dump core if pid of a process is more
	than 10000 and if the process calls builtins from functions
	more than 10000 times.

	( SR:8606229085 CR:JAGad98139 )
	sh-posix removes here-doc files before right hand side of a
	pipe can read it.

	( SR:8606265151 CR:JAGae29479 )
	sh-posix (child of telnetd) loops infinitely when read()
	fails with EIO while reading from the terminal.

	PHCO_25597:
	( SR:8606179356 CR:JAGad48580 )
	POSIX shell does not work as expected .

	( SR:8606187645 CR:JAGad56852 )
	Incorrect positioning of cursor by sh-posix with
	command line editor set to "vi".

	( SR:8606224318 CR:JAGad93413 )
	Shell does not evaluate integer constants correctly.

	( SR:8606226614 CR:JAGad95679 )
	Scripts using eval special builtin exits for ALL errors.

	( SR:8606204298 CR:JAGad73477 )
	Posix Shell Hangs on on systems when directory names
	involving symbolic links are parsed.

	( SR:8606224303 CR:JAGad93398 )
	wordexp() performs incorrect word expansion removing
	newlines characters for command substitutions.

	PHCO_23871:
	( SR:8606187216 CR:JAGad56424 )
	    Shell core dumps on receiving an early SIGWINCH signal
	    during its startup.

	( SR:8606183159 CR:JAGad52375 )
	    When a function, that calls a return builtin
	    immediately after executing a nonshell builtin,
	    is executed with -c option, shell exits abruptly.

Defect Description:
	PHCO_30269:
	( SR:8606343885 CR:JAGaf04737 )
	A shell script reading data from a coprocess might hang.

	The problem can be reproduced as follows:
	$ cat script
	echo "hello" >/tmp/hello
	while :
	do
	   date
	   icount=1;
	   grep hello /tmp/hello |&
	   while read -p xyz
	   do
	      ((icount=icount + 1))
	   done
	done
	$ /usr/bin/sh ./script
	Mon Feb 23 12:19:17 IST 2004
	Mon Feb 23 12:19:17 IST 2004
	Mon Feb 23 12:19:17 IST 2004
	...

	This script might hang after random number of iterations.
	Under some circumstances, shell assumes that there is
	still some output of coprocess to be read even when
	coprocess has exited. Hence shell blocks while trying to
	read from the coprocess.

	Resolution:
	Now, on the exit of a coprocess, shell updates itself so
	that shell does not perform a blocking read.

	( SR:8606343892 CR:JAGaf04744 )
	In interactive shells, job control facility does not
	work for sequential lists.
	The problem can be reproduced as below.
	$ stty susp <Control-Z>
	$ sleep 100; sleep 100
	<Control-Z> <Control-Z>

	Monitor option is enabled in interactive shells by
	default. But when executing sequential lists, shell was
	temporarily setting off the monitor option. This makes shell
	to ignore the suspend character. This problem is present
	in while, until, for, select constructs also.

	Resolution:
	Now shell does not set/reset the current value of the
	monitor option when executing sequential lists.

	( SR:8606343893 CR:JAGaf04745 )
	Shell might overwrite existing files even when
	noclobber option is set.
	The noclobber option of shell prevents truncating
	existing files. There was a small time gap between
	checking of existence of file and creation of the file.
	Hence if a file was created by another process in this
	time gap, shell would overwrite the file even when
	noclobber option was set.

	Resolution:
	If noclobber option is set, shell now creates regular
	files in exclusive mode. Hence existing files, if any,
	will not be overwritten or truncated.

	( SR:8606350160 CR:JAGaf10981 )
	At the time of invocation sh-posix shell verifies whether
	the arguments to it contain any illegal multibyte characters
	and prints an error message & exit if it contains any
	illegal multibyte characters. While printing the error
	message, it is accessing a buffer for I/O which was not
	yet allocated and initialized. Hence it dumps core.

	The problem can be reproduced as follows:

	$ s=$( echo '\0364\060')
	$ LANG=ja_JP.SJIS ./sh -c $s
	Bus error(coredump)

	Resolution:
	The buffer for I/O is allocated and initialized before
	sh-posix starts processing the arguments.

	( SR:8606350935 CR:JAGaf11747 )
	Using $(..) or `..` with data length of 1022 characters
	in sh-posix script can cause part of the data to be lost.

	The problem can be reproduced as follows :
	$ /usr/bin/sh
	$ word_1022=`perl -e 'print "A" x 1022'`
	$ word="Have a nice day!"
	$ list_com=$(echo "${word_1022}")
	$ list_com=$(echo "${list_com}\n${word}")
	$ echo "$list_com"
	AAAAAAAA...AAAAA

	As we see, the expected output is :
	AAAAAAAA...AAAAA
	Have a nice day!

	Resolution:
	sh-posix shell has been modified to take care of the above
	scenario.

	( SR:8606352477 CR:JAGaf13282 )
	In sh-posix shell, "set -A" is used to unset the current
	variable and assign array elements to the variable.
	Before assigning the new values to the array variable,
	shell frees the memory associated with the existing array
	elements (if any) and allocates the memory for the new
	array elements.
	The code for freeing the memory of the existing array
	elements was returning without freeing the memory
	of the last element in the array causing the memory leak.

	The problem can be reproduced as follows:
	$cat leak.sh
	#!/usr/bin/sh
	typeset -i N=0
	while [[ $N -le $1 ]];do
	        set -A arr 1 2
	        (( N = N + 1 ))
	done
	UNIX95=1 ps -osz,comm -p$$; exit
	$
	The above script will print the size of the shell.

	2. Run the above script with the argument let's say
	1 and 50000 and compare the size of the shell. E.g.

	$/usr/bin/sh leak.sh 1
	 SZ COMMAND
	 85 sh
	$/usr/bin/sh leak.sh 50000
	 SZ COMMAND
	 581 sh
	$
	The 50000 iterations caused the Physical page size
	to grow, this is because of the memory leak.

	Resolution:
	Now the code for freeing the memory of the existing array
	elements is corrected such that it frees the memory of
	the last array element.

	PHCO_28832:
	( SR:8606303907 CR:JAGae67257 )
	The problem can be reproduced as follows :
	1. Set <Control-Z> as the suspend character.
	   $ stty susp <Control-Z>
	2. Invoke a command say, sleep 50.
	3. Issue a <Control-Z>
	   $ sleep 50
	   <Issue a Control-Z here>
	4. Now execute the jobs command.
	   $ jobs -l
	5. The output shows that sleep 50 is stopped.
	   [1] + <pid>       Stopped                     sleep 50
	6. Now, send a signal 0 to this stopped process.
	   $ kill -s 0 <pid>
	7. Execute the command - jobs once again.
	   $ jobs -l
	8. The output shows that the process is running.
	   [1] + <pid>        Running                    sleep 50

	Root Cause :
	Every process was sent a SIGCONT signal, without a
	check on the type of signal. Even when the signal
	received was 0, a SIGCONT was sent. According to
	man page, signal 0 is used to test the existence of
	the pid. No signal is actually sent to the process.
	Hence, the present behaviour is incorrect.

	Resolution:
	A check has been added to know if the received signal is 0,
	if so, SIGCONT is not sent to the process.

	( SR:8606312643 CR:JAGae75459 )
	The problem can be reproduced as follows :
	1. Install the kernel patch - PHKL_25993, on a 64-bit
	   11.11 machine.
	2. Set the value of the kernel tunable - maxdsiz to a
	   value greater than 0x7fffffff. Say, 0xc0000000.
	3. Since, this is not a dynamic tunable, rebuild the
	   kernel and reboot the machine.
	4. Execute ulimit -d.
	   $ ulimit -d
	5. This is supposed to return - 3145728. However, the
	   returned value in this case is - 4293918720.

	Root Cause :
	Initially, the maximum value that maxdsiz could be set was
	0x7fffffff. The datatype of the variable used to store
	the value of maxdsiz, could support the maximum value of
	0x7fffffff.The patch - PHKL_25993, allows maxdsiz to be
	set to a value greater than 0x7fffffff.

	Resolution:
	The data type of the variable used to store the value of
	maxdsiz is changed accordingly to store values greater
	than 0x7fffffff.

	( SR:8606234492 CR:JAGae03690 )
	The problem can be reproduced as follows :
	1. Create a file, say test.sh, in your current working
	   directory. Assure that this file has rwx permissions.
	   $ cat test.sh
	   #!/usr/bin/ksh
	   echo "In Current directory"
	2. Create another file with the same name, test.sh, in
	   /tmp directory. Assure that this file has only rw
	   permissions.
	   $ cat /tmp/test.sh
	   echo "In tmp directory"
	3. Set the PATH in such a way that, /tmp is searched
	   before current working directory.
	   $ export PATH=/tmp:.
	4. Now invoke test.sh from current working directory.
	5. The file executed will be /tmp/test.sh. Hence, the
	   output will be -
	   In tmp directory.

	Root Cause :
	The path resolution criteria for sh-posix(1) is
	different from ksh(1). In sh-posix(1), the
	execute permissions for the file is checked to
	validate, if the specified file can be run or not.
	However, in ksh(1) it is not checked.
	sh-posix(1), when trying to execute a file, test.sh,
	it resolves the path to current directory. Hence,
	test.sh is passed as the argument to /usr/bin/ksh.
	Now, for ksh(1), the path is not resolved yet. So,
	it resolves the path once again. Now, it resolves to
	/tmp/test.sh, which causes this to be executed.

	Resolution:
	A check has been issued to know if the script to be
	executed has /usr/bin/ksh as the interpreter. If so, and if
	the path resolved is current directory, ./ is prepended to
	the filename. So, ksh does not do a path resolution again.

	( SR:8606300146 CR:JAGae63614 )
	The problem can be reproduced as follows :
	1. Execute the following command.
	   $ sh -c "trap 'echo hi' 0;uname;trap"
	2. The expected behaviour is to display the traps set and
	   execute the command - echo hi, during exit. However,
	   here, the output displayed is -
	   HP-UX

	Root Cause :
	A backup of the trap commands that are set was not taken
	before executing the non-built-in command. These trap
	commands which were set initially, are reset during the
	execution of the non-built-in. Hence, the information
	related to traps were lost.

	Resolution:
	A backup of the trap commands are taken before the
	execution of the non-built-in and restored back once
	it is executed.

	( SR:8606309659 CR:JAGae72534 )
	The problem can be reproduced as follows :
	1. Create a file say, b.sh.
	   $ cat b.sh
	   function b {
	      return &
	   }
	   b
	   echo 1
	2. Create another file say, a.sh.
	   $ cat a.sh
	   . ./b.sh
	3. Now execute a.sh.
	   $ ./a.sh
	4. The output will be -
	   1
	   1

	Root Cause :
	All background jobs are executed as a child in sh-posix(1).
	Hence, the built-in - return is executed in child. Once,
	this is executed, child is supposed to exit. However,
	here the child continues to execute the remaining
	instructions.

	Resolution:
	Code has been modified, so that return in a child
	environment exits.

	( SR:8606333394 CR:JAGae94483 )
	The problem can be reproduced as follows :
	1. Execute the following -
	   $ typeset -i x
	   $ let "x = 010"
	   $ echo $x
	   8#10          # some scripts expect 10 here.
	2. Execute the following -
	   $ typeset -i y
	   $ ls >/dev/null 2>&1
	   $ let "x = $?"
	   $ echo $x
	   8#0          # some scripts expect 0 here.

	Root Cause :
	JAGad93413 enables let "..", $((..)), ((..)) to process
	expressions as per ISO C standards. This is required for
	sh-posix(1) to be Standard compliant.

	Resolution:
	Numbers beginning with 0 or 0x/0X are treated as octal and
	hexadecimal respectively, if and only if, UNIX95 flag is
	defined. Since the fix for JAGad93413 is to make
	sh-posix(1) standards compliant, the commands - let "..",
	$((..)), ((..)) works as per ISO C standards by default,
	and is the only behavior available for 11.22 and above
	releases. However, in order to maintain compatibility with
	already existing scripts on 11.11 and 11.00 the above fix
	is enabled only if environment variable UNIX95 is defined
	in the shell. It is also expected that customers writing
	standard compliant programs/scripts will enable this
	variable.This allows them to make use of full ISO-C
	standard behavior.If UNIX95 is not defined, the above
	mentioned commands will not recognize numbers beginning
	with 0 and 0x/0X as octal and hexadecimal respectively.

	PHCO_27345:
	( SR:8606276501 CR:JAGae40579 )
	Problem reproduction:
	1. On a sh-posix(1) interactive shell set the editor
	   mode to emacs.
	   $ set -o emacs
	2. Create and store a data to be yanked later.
	   $ abcdefghijklmnopqrstuvwxyz<Esc><space><Ctrl><A>
	   <Esc><p><enter>
	3. Type the command as shown below.
	   $ ls aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa....
	   <around 50 a's><enter>
	4. Insert the last word of the previous command
	   repeatedly as shown below.
	   $ <Esc><.><Ctrl><A><Esc><.><Esc><.><Esc><.>
	     <Esc><.><Esc><.><Esc><.><enter>
	5. Now yank the previously stored item.
	   $ <Ctrl><Y>

	The yanked data will be "aaaaaaaaaaaaaaaaaaa"
	instead of "abcdefghijklmnopqrstuvwxyz".
	Repeated typing of <Esc><.> in step 4 can cause
	sh-posix(1) to report memory fault.

	The problem was due to sh-posix(1) not checking
	the boundary limits of the input buffer when
	<Esc><.> is called resulting in buffer overflow.

	Resolution:
	The proper boundary check has been introduced
	for <Esc><.> .

	( SR:8606204395 CR:JAGad73577 )
	The problem can be reproduced as follows:
	Step 1. Invoke a new shell
	$/usr/bin/sh
	Step 2. Set the prompt string as follows
	PS1=`echo "\033]0;\`hostname\`\007"`$PS1
	Step 3. $set -o vi
	Step 4. Type some valid commands e.g ls
	Step 5. Recall the commands with ESC k . Observe
	that the prompt string will get garbled.
	The problem was because of shell trying to print
	prompt and adjust the cursor position to first column
	of window when prompt had some non printable characters.

	Resolution:
	Now the code is modified such that the prompt is
	not printed at first column when prompt string
	has any non-printable characters. Also a display
	problem when <esc>k is used with long command line,
	has been fixed.

	( SR:8606277532 CR:JAGae41602 )
	Problem reproduction :

	$sh -c "function f
	{
	cat << eof
	here doc file
	eof
	}
	f
	"

	$ll /var/tmp/sh[0-9]*.[0-9]*
	/var/tmp/sh15042.1

	The shell will do a vfork() in case of "sh -c
	<command>" . When a here-document is used inside
	a function, a flag is set indicating the presence
	of here-documents. In this case, the child from
	vfork() will reset the flag (which is shared by
	parent as well) resulting  in temporary files
	being left out.

	Resolution:
	A new test condition is added before vfork() is called
	to check the flag, which if set will call fork instead.
	This avoids corruption, with proper behavior.

	( SR:8606269405 CR:JAGae33640 )
	In sh-posix(1), output of long (>1024) multibyte
	string can cause the shell to loop or dump core.

	Problem reproduction:

	1. set the LANG env variable.
	   $ export LANG=ja_JP.SJIS
	2. Create a file as shown below and verify the cksum
	   $ cat error.33640
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXwww
	   wwwwwwwwwwww\n\n\n\n\n\t\t\t\t
	   $ cksum error.33640
	   3058171378 1046 error.33640

	3. set a variable msg to contents of above file and
	   execute posix shell
	   $ export msg=`cat error.33640`
	   $ sh
	4. echo the variables having the multibyte characters,
	   shell may hang or dump core here.
	   $ echo $msg\n
	   $ echo $msg
	   $ msg1=`cat error.33640`
	   $ echo $msg1\n
	   $ echo $msg1
	   $ echo $msg1\c
	5. print the variables having the multibyte
	   characters, shell may hang or dump core here.
	   $ print $msg\n
	   $ print $msg
	   $ msg1=`cat error.33640`
	   $ print $msg1\n
	   $ print $msg1
	   $ print $msg1\c

	Under certain circumstances, an array was accessed
	out of bounds resulting in core dump or hang.

	Resolution:
	Code has been modified to ensure that the array in
	question will not be accessed out of bounds.

	( SR:8606290665 CR:JAGae54511 )
	The problem can be reproduced as follows :
	Step 1. Create a script file :
	$cat script
	#!/usr/bin/sh
	date
	sleep 100
	echo 'sleep done'
	date
	Step 2. Run the created script in background.
	$./script &
	Step 3. Get the pid of the 'sleep' process as follows:
	$ps -ef | grep "sleep 100" | read OWN PID OTHER
	Step 4. Send 'STOP' signal to the sleep process.
	$kill -STOP $PID
	The script will come out displaying 'sleep done'.
	In case of sh-posix(1), if SIGSTOP is sent to a child
	process, inside a script, the script would continue
	without waiting for the completion of the child
	process. The correct behavior is that, the parent
	should wait for the child to complete. If we send
	SIGCONT to the child process, the child process
	and hence the script should continue its normal
	execution.

	Resolution:
	The code is modified such that in case of a non
	interactive shell ( script ), the parent will continue
	calling waitpid() to check the exit status of child,
	when child has been sent SIGSTOP.

	( SR:8606274899 CR:JAGae38976 )
	Problem reproduction:

	Following script will reproduce the problem :

	$cat scr
	while true
	do
	/usr/bin/sleep 15 >/dev/null &
	PID=$!
	wait $PID
	done

	$./scr

	The memory usage can be checked using top
	command.The memory usage increases cumulatively.

	If the pid of the background process is referenced using
	$!, then shell was not deleting the entry for that process
	in the exitlist even if the status is requested later in
	the script. This resulted in accumulation of unwanted
	exitlist entries if $! is repeatedly used in the script.

	Resolution:
	Now the code is modified such that after the script
	requests (using wait built-in) for the exit status of the
	process referenced through $!, the corresponding entry in
	the exitlist is deleted.

	( SR:8606287774 CR:JAGae51707 )
	Problem can be reproduced as follows :
	$cat scr
	#!/usr/bin/sh
	# place 2046 characters, without space or newline
	# in between
	m=`perl -e 'print "x" x 2046'` >/dev/null 2>&1
	# use the contents of above variable as input in
	# a here-document.
	cat <<eof  > actual
	$m
	eof
	echo $m> expected
	diff actual expected
	$./scr
	The result shows the difference in two files. You will
	see the intrusion of some extra characters in the actual
	file because of stack corruption.

	During the expansion of $m inside a here-document, the
	contents of the variable 'm' are placed on to the stack
	using the standard stack functions (which will ensure t
	the availability of necessary stack space). However, the
	trailing NULL was inserted directly without checking for
	the availability of stack space. This sometimes resulted
	in placing the trailing NULL outside the stack space which
	can be overwritten by some other data.

	Resolution:
	Now the code has been modified to use the standard
	function for placing NULL on to stack.

	( SR:8606285956 CR:JAGae49897 )
	sh-posix(1) does not handle the file-system related
	failures correctly.

	Resolution:
	The code has been modified to fix the defect.

	( SR:8606272215 CR:JAGae36355 )
	Problem reproduction:

	Run the following script :

	$cat scr
	FILE[10]="scr1.JAGae36355"
	TF="File is ${FILE[10]}"
	echo $TF

	$/usr/bin/sh -n scr

	The following error message will be displayed :

	"FILE: The specified subscript cannot be greater
	than 1024."

	The problem was due to an uninitialized variable
	which was checked for having a value in the
	range 0-1024, resulting in the error message.

	Resolution:
	The code has been modified to initialize the
	variable at the declaration. Also the value of
	the variable is checked to be within the range
	when '-n' option is not specified.

	( SR:8606215422 CR:JAGad84609 )
	The problem can be reproduced as follows:-
	$cat test.sh
	!#/usr/bin/sh
	echo hi &
	pid=$!
	(
	   echo hi&
	   wait
	   echo hi &
	   echo hi &
	)
	$/usr/bin/sh test.sh
	It hangs ...

	The sh-posix shell hangs since it enters into an infinite loop.
	This is happening because of data corruption.

	Resolution:
	Now, sh-posix takes care such that the data is not corrupted
	and hence the script doesn't hang.

	PHCO_27017:
	( SR:8606234035 CR:JAGae03256 )
	Problem:
	sh-posix shell script intermittently exits with a message
	"Invalid multibyte characters" when reading valid Japanese
	text.
	The problem may be reproduced by using the shell script as
	shown below:

	$ cat temp.3256
	export SHELL=/usr/bin/sh
	export LANG=ja_JP.SJIS
	ps -efl > psout
	typeset -i i
	let i=10#0
	while [ i -ne 1000 ]
	do
	AAA=$(cat ./psout)
	i=i+1
	done
	$ ./temp.3256
	Invalid Multibyte Characters
	$

	Note: The above script may have to be run several times
	to actually see the error message.

	Root cause:
	The index to a buffer was incremented even when read()
	failed. The character at the index in the buffer may
	not represent valid multibyte character. Hence the error
	message.

	Resolution:
	The code is modified so that, when read() is interrupted by
	a signal, the index to the input data buffer is not
	incremented. Also, reading of input is terminated on
	receiving EOF.  When there is a signal that causes the shell
	to terminate, error will not be displayed.

	( SR:8606261003 CR:JAGae25325 )
	Problem:
	The sh-posix shell can dump core if builtins are called from
	functions more than 10000 times.
	The problem can be reproduced by using the shell script as
	shown below:
	$ cat doit
	#! /usr/bin/sh

	typeset -i I=0

	foo()
	{
	CWD=`pwd`
	}

	while [ $I -lt $1 ]
	do
	(( I = I + 1 ))
	foo
	done
	$ ./doit 10000
	Bus error(coredump)

	Note: The above script may have to be run several times
	to actually dump core and the script may take more time
	to complete execution.

	Root cause:
	The buffer used to store the temporary files was limited
	to 10 bytes. The temporary file name was created using
	pid and serial number. If pid and serial number together
	combined was more than 10 digits, sh-posix coredumps.

	Resolution:
	The code has been modified to increase the length of
	temp files to accommodate maximum possible temp files.
	Now shell can create temp file names with each pid and
	serial numbers upto 10 digit values(maximum pid and
	integer values).

	( SR:8606229085 CR:JAGad98139 )
	Problem:
	sh-posix's here-document handling needs to be relooked
	because of the following problems.
	1.  Due to process scheduling issues and race conditions,
	sh-posix removes the here-document temporary files before
	the files are processed by the shells child processes.
	2.  sh-posix leaves the temporary files created for
	here-documents even after use.

	Root cause:
	The information of the presence of here-document was not
	set/reset properly leading to unnecessary
	deletion/restoration of temporary files.

	Resolution:
	1. The variable used to indicates the presence of
	here-document in the command is now a global variable,
	(previously it was a static variable) which allows it to be
	reset before parsing each command. Earlier it was reset in
	each part of the command, resulting in loss of information
	regarding the presence of here-document.

	2. Temporary files are now removed in a later stage of the
	process.

	3. Shifted the initialization of template for temporary
	files to the beginning of main(), to avoid resetting of the
	template everytime a script completed execution.

	4. In case of "sh -c" commands using here-documents, shell
	avoids the use of vfork(). This helps in avoiding the
	parent's data with respect to here-doc related variables

	( SR:8606265151 CR:JAGae29479 )
	Problem:
	The sh-posix will loop indefinitely (and hence consume
	CPU) if:
	1. The last signal sent to the shell was a SIGWINCH.
	2. There is a communications problem such that the shells
	attempt to read(2) from stdin results in an EIO error.

	Root cause:
	The variable used to verify that a SIGWINCH event occurred
	was never reset. Also the condition to verify that a
	SIGWINCH occurred wasn't enough to indicate that SIGWINCH
	had indeed happened.

	Resolution:
	Added a new condition for read() to continue when shell
	receives SIGWINCH. The previous condition for the same
	purpose was inadequate.

	PHCO_25597:
	( SR:8606179356 CR:JAGad48580 )
	The shell makes use of temp files with race condition.

	Resolution:
	The code has been modified to handle and create temporary
	files with appropriate permissions.

	( SR:8606187645 CR:JAGad56852 )
	With command line editor set to "vi", shell does not
	position the cursor properly when user tries to
	recall and edit a command that is greater than the
	width of the current terminal. This was due to
	improper positioning of the cursor by the shell
	on receiving <Esc>.
	How to reproduce:
	step 1: invoke the shell /usr/bin/sh
	step 2: type "set -o vi"
	step 3: type "ls 1234567890 1234567890 1234567890
	1234567890 1234567890" till command
	line is greater than the current terminal.
	step 4: now type <ESC>k<Shift>a<ESC>
	The terminal will display
	$ ls 1234567890 1234567890 1234567890 1234567890
	1234567890 123456789_
	The output does not show the last 0 - unexpected.Now
	if the user tries to modify the command by pressing
	a combination of <h> and <l> to move to a particular
	column the command appears garbled and make it
	difficult to modify.

	Resolution:
	Now repositioning of the cursor on <Esc> is handled
	properly.

	( SR:8606224318 CR:JAGad93413 )
	Shell does not process expression inside $((..)) as
	per ISOC standards.
	Shell should process expression inside $((..)) as
	per ISOC standards [ i.e., numbers starting with 0
	should be recognized as octal and starting with 0x
	or 0X should be recognized as hexadecimal ].
	The problem can be reproduced as follows:
	a. Type the following commands on command prompt.
	   echo $((0x10))
	   let "a=0x10"; echo $a
	   ((a=0x10)) ; echo $a
	   The shell will give an error
	   "sh: 0x10: The specified number is not valid for
	   this command."
	    instead of printing 16.
	b. Type the following command on command prompt.
	   echo $((010))
	   let "a=010"; echo $a
	   ((a=010)) ; echo $a
	    The shell gives  output "10" instead of "8".

	Resolution:
	Expressions inside $((..)) now recognize numbers
	starting with 0 and 0x as octal and hexadecimals.
	Since commands "let" and "((...))" are extensions
	provided by HP's shell, this functionality has
	been extended to these commands also.

	( SR:8606226614 CR:JAGad95679 )
	Script using eval special builtin exits for ALL
	errors. This defect was introduced by a fix done in
	order to satisfy the sh-posix(1) man page on special
	commands.
	The problem can be reproduced as follows:
	Run the following script.
	   Script - eval.sh.
	   #!/usr/bin/sh
	   count=1
	   while [ "$count" -ne 5 ]
	   do
	        eval cd /abc # /abc does not exist!!!
	        count=$(($count+1))
	   done
	   #script ends.

	   The shell gives
	   ./eval.sh[7]: /abc: not found
	   instead of
	  ./eval.sh[7]: /abc: not found
	  ./eval.sh[7]: /abc: not found
	  ./eval.sh[7]: /abc: not found
	  ./eval.sh[7]: /abc: not found

	Resolution:
	Now eval does not exit for all errors.
	The manpage has been corrected to indicate that
	only certain errors cause a script that contains
	them to abort.

	( SR:8606204298 CR:JAGad73477 )
	Shell hangs when directory names involving symbolic
	links are parsed (e.g: cd -P /bin, /bin is a symbolic
	link to /usr/bin) and the kernel is configured with
	AES compliance disabled.
	$ cat script
	PERL_PATHS="/bin"

	for path_item in $PERL_PATHS
	do
	  if cd $path_item 2> /dev/null; then
	     until [ "`pwd`" = "/" ]
	     do
	       cd -P ..
	# go up the *physical* path to look for directories
	       if [ $? -ne 0 ]; then
	          break
	       fi
	    done
	  fi
	done

	$ Modify the kernel to disable AES compliance
	echo 'hpux_aes_override/W 1'| adb -w /stand/vmunix /dev/mem
	$ sh ./script
	(Note that the shell hangs )
	The root cause for this hang is buffer overflow
	and heap corruption as some functions won't
	return a null terminated string when the kernel
	is configured with AES compliance disabled.

	Resolution:
	The problem was due to memory corruption. The code has been
	modified to handle the buffer overflow and heap corruption
	appropriately to resolve this defect.

	( SR:8606224303 CR:JAGad93398 )
	Shell does an improper newline deletion during
	command substitution.
	The user on entering
	$ echo "hello
	> $(echo)world"
	on command prompt obtains "helloworld"
	instead of
	$ hello
	world
	In general, trailing newlines are removed from the
	the output of command substitution removed. So,
	instead of removing trailing newlines resulting
	from command substitution shell is removing extra
	newlines not introduced by command substitution.

	Resolution:
	The fix is to remove only the trailing newlines
	obtained from command substitution.

	PHCO_23871:
	( SR:8606187216 CR:JAGad56424 )
	    sh-posix installs a signal handler for SIGWINCH.
	    The  signal handler tries to initialise variables
	    which are not yet allocated, which is done after
	    the signal handler is installed. This causes the
	    signal handler to dump core.

	Resolution:
	    The fix is to block the signal SIGWINCH before
	    the signal handler is installed and release it
	    after the required initializations and memory
	    allocations.

	( SR:8606183159 CR:JAGad52375 )
	    When a function, that calls a return builtin
	    immediately after executing a command, which is not a
	    shell builtin, is executed with -c option, shell
	    exits abruptly.

	Resolution:
	    When the following shell script is executed,
	     sh -c " function myfunc
	      {
	         ls
	         return
	      };
	      myfunc
	      echo hello
	     "
	    only ls(1) is executed. Shell aborts while
	    executing return inside myfunc().

	    This problem was caused due to global data
	    corruption caused by the vfork'd child. Now,
	    required data is saved before the vfork() and
	    restored after the child execution to resolve
	    the problem.

Enhancement:
	No (superseded patches contained enhancements)
	PHCO_25597:
	    Shell now recognizes octal and hexa numbers inside
	    arithmetic expression. This may have impact on some
	    of the scripts.

SR:
	8606179356 8606183159 8606187216 8606187645 8606204298
	8606204395 8606224303 8606224318 8606226614 8606229085
	8606234035 8606234492 8606261003 8606265151 8606269405
	8606272215 8606274899 8606276501 8606277532 8606285956
	8606287774 8606290665 8606300146 8606303907 8606309659
	8606312643 8606333394 8606343885 8606343892 8606343893
	8606350160 8606350935 8606352477 8606215422

Patch Files:
	
	OS-Core.CORE-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,
		v=HP:
	/usr/share/man/man1.Z/sh-posix.1

	OS-Core.UX-CORE,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
	/usr/bin/rsh
	/usr/bin/sh
	/usr/newconfig/sbin/sh

what(1) Output:
	
	OS-Core.CORE-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,
		v=HP:
	/usr/share/man/man1.Z/sh-posix.1:
		None

	OS-Core.UX-CORE,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
	/usr/bin/rsh:
		builtin.c $Date: 2004/05/10 03:01:02 $Revision: r11.
			11/7 PATCH_11.11 (PHCO_30269)
		macro.c $Date: 2004/05/10 03:03:13 $Revision: r11.11
			/6 PATCH_11.11 (PHCO_30269)
		cmd.c $Date: 2002/11/13 02:08:06 $Revision: r11.11/3
			 PATCH_11.11 (PHCO_27345)
		print.c $Date: 2004/05/10 03:02:16 $Revision: r11.11
			/4 PATCH_11.11 (PHCO_30269)
		service.c $Date: 2003/10/15 22:10:48 $Revision: r11.
			11/9 PATCH_11.11 (PHCO_28832)
		xec.c $Date: 2004/05/10 03:02:30 $Revision: r11.11/1
			2 PATCH_11.11 (PHCO_30269)
		main.c $Date: 2004/05/10 03:02:45 $Revision: r11.11/
			9 PATCH_11.11 (PHCO_30269)
		arith.c $Date: 2003/10/15 22:10:48 $Revision: r11.11
			/4 PATCH_11.11 (PHCO_28832)
		assign.c $Date: 2002/04/02 01:19:14 $Revision: r11.1
			1/2 PATCH_11.11 (PHCO_25597)
		defs.c $Date: 2002/11/13 02:08:18 $Revision: r11.11/
			4 PATCH_11.11 (PHCO_27345)
		edit.c $Date: 2002/11/13 02:08:40 $Revision: r11.11/
			5 PATCH_11.11 (PHCO_27345)
		emacs.c $Date: 2002/11/13 02:08:50 $Revision: r11.11
			/3 PATCH_11.11 (PHCO_27345)
		error.c $Date: 2002/11/13 02:09:02 $Revision: r11.11
			/5 PATCH_11.11 (PHCO_27345)
		fault.c $Date: 2004/05/10 03:01:17 $Revision: r11.11
			/5 PATCH_11.11 (PHCO_30269)
		growaray.c $Date: 2004/05/10 03:03:24 $Revision: r11
			.11/6 PATCH_11.11 (PHCO_30269)
		history.c $Date: 2002/11/14 07:22:10 $Revision: r11.
			11/3 PATCH_11.11 (PHCO_27345)
		io.c $Date: 2004/05/10 03:01:33 $Revision: r11.11/10
			 PATCH_11.11 (PHCO_30269)
		jobs.c $Date: 2004/05/10 03:01:49 $Revision: r11.11/
			11 PATCH_11.11 (PHCO_30269)
		streval.c $Date: 2002/04/02 02:32:42 $Revision: r11.
			11/2 PATCH_11.11 (PHCO_25597)
		string.c $Date: 2004/05/10 03:03:00 $Revision: r11.1
			1/4 PATCH_11.11 (PHCO_30269)
		strmatch.c $Date: 2001/05/16 04:21:54 $Revision: r11
			.11/1 PATCH_11.11 (PHCO_23871)
		test.c $Date: 2002/04/02 02:36:24 $Revision: r11.11/
			2 PATCH_11.11 (PHCO_25597)
		unassign.c $Date: 2004/05/10 03:03:33 $Revision: r11
			.11/2 PATCH_11.11 (PHCO_30269)
		vi.c $Date: 2002/11/13 02:11:15 $Revision: r11.11/6 
			PATCH_11.11 (PHCO_27345)
		$Revision: @(#) all R11.11_BL2004_0519_3 PATCH_11.11
			 PHCO_30269
		Wed May 19 23:37:02 PDT 2004 $
		Version M-11/16/88f
		$ B.11.11_LR  Jul 24 2003 00:43:31 $
	/usr/bin/sh:
		builtin.c $Date: 2004/05/10 03:01:02 $Revision: r11.
			11/7 PATCH_11.11 (PHCO_30269)
		macro.c $Date: 2004/05/10 03:03:13 $Revision: r11.11
			/6 PATCH_11.11 (PHCO_30269)
		cmd.c $Date: 2002/11/13 02:08:06 $Revision: r11.11/3
			 PATCH_11.11 (PHCO_27345)
		print.c $Date: 2004/05/10 03:02:16 $Revision: r11.11
			/4 PATCH_11.11 (PHCO_30269)
		service.c $Date: 2003/10/15 22:10:48 $Revision: r11.
			11/9 PATCH_11.11 (PHCO_28832)
		xec.c $Date: 2004/05/10 03:02:30 $Revision: r11.11/1
			2 PATCH_11.11 (PHCO_30269)
		main.c $Date: 2004/05/10 03:02:45 $Revision: r11.11/
			9 PATCH_11.11 (PHCO_30269)
		arith.c $Date: 2003/10/15 22:10:48 $Revision: r11.11
			/4 PATCH_11.11 (PHCO_28832)
		assign.c $Date: 2002/04/02 01:19:14 $Revision: r11.1
			1/2 PATCH_11.11 (PHCO_25597)
		defs.c $Date: 2002/11/13 02:08:18 $Revision: r11.11/
			4 PATCH_11.11 (PHCO_27345)
		edit.c $Date: 2002/11/13 02:08:40 $Revision: r11.11/
			5 PATCH_11.11 (PHCO_27345)
		emacs.c $Date: 2002/11/13 02:08:50 $Revision: r11.11
			/3 PATCH_11.11 (PHCO_27345)
		error.c $Date: 2002/11/13 02:09:02 $Revision: r11.11
			/5 PATCH_11.11 (PHCO_27345)
		fault.c $Date: 2004/05/10 03:01:17 $Revision: r11.11
			/5 PATCH_11.11 (PHCO_30269)
		growaray.c $Date: 2004/05/10 03:03:24 $Revision: r11
			.11/6 PATCH_11.11 (PHCO_30269)
		history.c $Date: 2002/11/14 07:22:10 $Revision: r11.
			11/3 PATCH_11.11 (PHCO_27345)
		io.c $Date: 2004/05/10 03:01:33 $Revision: r11.11/10
			 PATCH_11.11 (PHCO_30269)
		jobs.c $Date: 2004/05/10 03:01:49 $Revision: r11.11/
			11 PATCH_11.11 (PHCO_30269)
		streval.c $Date: 2002/04/02 02:32:42 $Revision: r11.
			11/2 PATCH_11.11 (PHCO_25597)
		string.c $Date: 2004/05/10 03:03:00 $Revision: r11.1
			1/4 PATCH_11.11 (PHCO_30269)
		strmatch.c $Date: 2001/05/16 04:21:54 $Revision: r11
			.11/1 PATCH_11.11 (PHCO_23871)
		test.c $Date: 2002/04/02 02:36:24 $Revision: r11.11/
			2 PATCH_11.11 (PHCO_25597)
		unassign.c $Date: 2004/05/10 03:03:33 $Revision: r11
			.11/2 PATCH_11.11 (PHCO_30269)
		vi.c $Date: 2002/11/13 02:11:15 $Revision: r11.11/6 
			PATCH_11.11 (PHCO_27345)
		$Revision: @(#) all R11.11_BL2004_0519_3 PATCH_11.11
			 PHCO_30269
		Wed May 19 23:37:02 PDT 2004 $
		Version M-11/16/88f
		$ B.11.11_LR  Jul 24 2003 00:43:31 $
	/usr/newconfig/sbin/sh:
		builtin.c $Date: 2004/05/10 03:01:02 $Revision: r11.
			11/7 PATCH_11.11 (PHCO_30269)
		macro.c $Date: 2004/05/10 03:03:13 $Revision: r11.11
			/6 PATCH_11.11 (PHCO_30269)
		cmd.c $Date: 2002/11/13 02:08:06 $Revision: r11.11/3
			 PATCH_11.11 (PHCO_27345)
		print.c $Date: 2004/05/10 03:02:16 $Revision: r11.11
			/4 PATCH_11.11 (PHCO_30269)
		service.c $Date: 2003/10/15 22:10:48 $Revision: r11.
			11/9 PATCH_11.11 (PHCO_28832)
		xec.c $Date: 2004/05/10 03:02:30 $Revision: r11.11/1
			2 PATCH_11.11 (PHCO_30269)
		main.c $Date: 2004/05/10 03:02:45 $Revision: r11.11/
			9 PATCH_11.11 (PHCO_30269)
		arith.c $Date: 2003/10/15 22:10:48 $Revision: r11.11
			/4 PATCH_11.11 (PHCO_28832)
		assign.c $Date: 2002/04/02 01:19:14 $Revision: r11.1
			1/2 PATCH_11.11 (PHCO_25597)
		defs.c $Date: 2002/11/13 02:08:18 $Revision: r11.11/
			4 PATCH_11.11 (PHCO_27345)
		edit.c $Date: 2002/11/13 02:08:40 $Revision: r11.11/
			5 PATCH_11.11 (PHCO_27345)
		emacs.c $Date: 2002/11/13 02:08:50 $Revision: r11.11
			/3 PATCH_11.11 (PHCO_27345)
		error.c $Date: 2002/11/13 02:09:02 $Revision: r11.11
			/5 PATCH_11.11 (PHCO_27345)
		fault.c $Date: 2004/05/10 03:01:17 $Revision: r11.11
			/5 PATCH_11.11 (PHCO_30269)
		growaray.c $Date: 2004/05/10 03:03:24 $Revision: r11
			.11/6 PATCH_11.11 (PHCO_30269)
		history.c $Date: 2002/11/14 07:22:10 $Revision: r11.
			11/3 PATCH_11.11 (PHCO_27345)
		io.c $Date: 2004/05/10 03:01:33 $Revision: r11.11/10
			 PATCH_11.11 (PHCO_30269)
		jobs.c $Date: 2004/05/10 03:01:49 $Revision: r11.11/
			11 PATCH_11.11 (PHCO_30269)
		streval.c $Date: 2002/04/02 02:32:42 $Revision: r11.
			11/2 PATCH_11.11 (PHCO_25597)
		string.c $Date: 2004/05/10 03:03:00 $Revision: r11.1
			1/4 PATCH_11.11 (PHCO_30269)
		strmatch.c $Date: 2001/05/16 04:21:54 $Revision: r11
			.11/1 PATCH_11.11 (PHCO_23871)
		test.c $Date: 2002/04/02 02:36:24 $Revision: r11.11/
			2 PATCH_11.11 (PHCO_25597)
		unassign.c $Date: 2004/05/10 03:03:33 $Revision: r11
			.11/2 PATCH_11.11 (PHCO_30269)
		vi.c $Date: 2002/11/13 02:11:15 $Revision: r11.11/6 
			PATCH_11.11 (PHCO_27345)
		$Revision: @(#) all R11.11_BL2004_0519_3 PATCH_11.11
			 PHCO_30269
		Wed May 19 23:37:06 PDT 2004 $
		Version M-11/16/88f
		$ B.11.11_LR  Jul 24 2003 00:43:31 $
		$ Version_11.11  May  3 2004 02:27:57 $

cksum(1) Output:
	
	OS-Core.CORE-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,
		v=HP:
	1357341683 45590 /usr/share/man/man1.Z/sh-posix.1

	OS-Core.UX-CORE,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
	2620920521 208896 /usr/bin/rsh
	2620920521 208896 /usr/bin/sh
	2688120942 409600 /usr/newconfig/sbin/sh

Patch Conflicts: None

Patch Dependencies:
	s700: 11.11: PHCO_28317
	s800: 11.11: PHCO_28317

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
	PHCO_28832 PHCO_27345 PHCO_27017 PHCO_25597 PHCO_23871

Equivalent Patches: None

Patch Package Size: 460 KBytes

Installation Instructions:
	Please review all instructions and the Hewlett-Packard
	SupportLine User Guide or your Hewlett-Packard support terms
	and conditions for precautions, scope of license,
	restrictions, and, limitation of liability and warranties,
	before installing this patch.
	------------------------------------------------------------
	1. Back up your system before installing a patch.

	2. Login as root.

	3. Copy the patch to the /tmp directory.

	4. Move to the /tmp directory and unshar the patch:

		cd /tmp
		sh PHCO_30269

	5. Run swinstall to install the patch:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -s /tmp/PHCO_30269.depot

	By default swinstall will archive the original software in 
	/var/adm/sw/save/PHCO_30269.  If you do not wish to retain a
	copy of the original software, include the patch_save_files
	option in the swinstall command above:

		-x patch_save_files=false

	WARNING: If patch_save_files is false when a patch is installed,
		 the patch cannot be deinstalled.  Please be careful
		 when using this feature.

	For future reference, the contents of the PHCO_30269.text file is 
	available in the product readme:

		swlist -l product -a readme -d @ /tmp/PHCO_30269.depot

	To put this patch on a magnetic tape and install from the
	tape drive, use the command:

		dd if=/tmp/PHCO_30269.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None