Patch Name: PHNE_23068 Patch Description: s700_800 11.04 (VVOS) inetd(1M) cumulative patch Creation Date: 01/01/02 Post Date: 01/01/05 Hardware Platforms - OS Releases: s700: 11.04 s800: 11.04 Products: N/A Filesets: InternetSrvcs.INETSVCS-INETD,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: No Category Tags: defect_repair general_release Path Name: /hp-ux_patches/s700_800/11.X/PHNE_23068 Symptoms: PHNE_23068: Repackage HP-UX patch PHNE_21835 for VVOS 11.04. Based on HP-UX patch PHNE_21835: 1. JAGad03290 /SR 8606134150: inetd is not working properly. 2. JAGaa27205 /SR 5003424598: "swait" option was not documented in "inetd.conf.4" manpage. 3. JAGaa27237 /SR 5003426296: When a user changes the field "wait" to "swait" or vice-versa in the configuration file "/etc/inetd.conf", and runs "inetd -c" to reflect the above change, the same is not getting reflected. 4. JAGaa27203 /SR 5003426304: inetd was logging incorrect source address for the services in "swait" state. 5. JAGaa95817 /SR 8606147527: The listen backlog requested by inetd is too small. 6. JAGac40194 /SR 8606124802: Child inetd process may hang for non-root service on trusted 11.0 system. Based on HP-UX patch PHNE_17027: 1. Inetd does not detect that the services' listen socket is invalid. 2. On systems where auditing is enabled when inetd is started or stopped, user id displayed in the log is ???? instead of root. 3. Inetd may terminate in circumstances where it should not. 4. Inetd startup script /sbin/init.d/inetd does not handle exit codes consistently. When inetd is started, if there is any error the exit code is not printed. Defect Description: PHNE_23068: Repackage HP-UX patch PHNE_21835 for VVOS 11.04. Based on HP-UX patch PHNE_21835: 1. JAGad03290 /SR 8606134150: inetd is not working when a service in "swait" state is not working properly and there is only one service spawned by inetd before this service. Resolution: inetd code has been modified to make inetd work properly. 2. JAGaa27205 /SR 5003424598: "swait" option was not documented in "inetd.conf.4" manpage. Resolution: "inetd.conf.4" manpage has been updated to contain this information. 3. JAGaa27237 /SR 5003426296: With the command "inetd -c", inetd was not reconfiguring its database for the field change from "wait" to "swait" and vice versa in the file "/etc/inetd.conf". Resolution: During the reconfiguration of the service table for inetd now necessary modification has been done to reflect the change. 4. JAGaa27203 /SR 5003426304: For the services in "swait" state, inetd logs the source address of the previous service. If this is the first service spawned by inetd, it logs (0.0.0.0) instead. This is because inetd was logging the source address information without accepting the connection. Resolution: inetd is now logging a different message for the services in "swait" state. 5. JAGaa95817 /SR 8606147527: The listen backlog requested by inetd is too small. The value is hardcoded to 128. A busy Internet FTP download server could easily see more than 128 simultaneous connection requests come in. Resolution: Now the listen backlog has been increased from 128 to 1024. 6. JAGac40194 /SR 8606124802: When a request for the non-root service arrives, inetd forks a child which hangs prior to exec'ing the appropriate executable. This is because the libsec functions are not closing all the files they are opening. Resolution: Modified the inetd trusted systems code to close all file pointers opened by the libsec functions. Based on HP-UX patch PHNE_17027: 1. Inetd does not detect that a services' listen socket is invalid. Resolution: - Inetd now has additional checks for socket validity. 2. Convert a system to a trusted system and enable auditing on the system. When the "audit events" log is checked, user id column has an entry "????" instead of root. Resolution: - Auditing code was not present in inetd. Added code that does proper logging when auditing is enabled. 3. Inetd may terminate in circumstances where it should not. Resolution: - Inetd now detects the circumstances and doest not exit. 4. Inetd startup script prints proper exit code on erroneous shutdown whereas it does not print the exit code on erroneous startup. Resolution: - Changed the startup script to handle exit code on startup and shutdown consistently. SR: 8606134150 5003424598 5003426296 5003426304 8606147527 8606124802 5003426312 5003414375 5003353433 1653283622 Patch Files: InternetSrvcs.INETSVCS-INETD,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /usr/sbin/inetd /sbin/init.d/inetd InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /usr/share/man/man4.Z/inetd.conf.4 what(1) Output: InternetSrvcs.INETSVCS-INETD,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /usr/sbin/inetd: Copyright (c) 1983 Regents of the University of Cali fornia. Revision: 1.12.214.3 Tue Aug 1 10:30:45 GMT 2000 Patch id: PHNE_21835 /sbin/init.d/inetd: $Revision: Hewlett-Packard ISSL 1.17 net/INETSVCS/sc ripts/inetd, hpuxinitscripts, vvos_rose, ros e0081 $ $Date: 01/01/03 18:18:34 $ inetd $Revision: 1.4.214.2 $ $Date: 96/10/08 13:24:2 9 $ InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /usr/share/man/man4.Z/inetd.conf.4: None cksum(1) Output: InternetSrvcs.INETSVCS-INETD,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: 3440068225 61440 /usr/sbin/inetd 3020673063 1690 /sbin/init.d/inetd InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: 831194641 2881 /usr/share/man/man4.Z/inetd.conf.4 Patch Conflicts: PHNE_21155 Patch Dependencies: s700: 11.04: PHNE_18346 s800: 11.04: PHNE_18346 Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: PHNE_20747: s700: 10.20 s800: 10.20 PHNE_21699: s700: 10.24 s800: 10.24 PHNE_21835: s700: 11.00 s800: 11.00 Patch Package Size: 110 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_23068 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHNE_23068.depot By default swinstall will archive the original software in /var/adm/sw/save/PHNE_23068. If you do not wish to retain a copy of the original software, use the patch_save_files option: swinstall -x autoreboot=true -x patch_match_target=true \ -x patch_save_files=false -s /tmp/PHNE_23068.depot WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHNE_23068.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHNE_23068.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_23068.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: If PHNE_23068 is installed with any of the following ARPA Transport Patches: PHNE_21155 the defect fix provided for Service Request 5003426312 will no longer work. Service Request 5003426312 describes a specific case where a user supplied service is configured in /etc/inetd.conf(4) and is started in the swait state. In this case under certain circumstances inetd(1M) will loop trying to start the service. Note this is not the case with any of the Hewlett-Packard supplied Internet Services, such as telnetd, rlogind, ftpd, etc. This problem will be corrected when ARPA Transport patch PHNE_21155 is superseded.