Patch Name: PHNE_26267 Patch Description: s700_800 11.04 (VVOS) VVOS/Net IPSec/9000 Integration Patch Creation Date: 02/02/04 Post Date: 02/03/21 Hardware Platforms - OS Releases: s700: 11.04 s800: 11.04 Products: N/A Filesets: VirtualVaultOS.VVOS-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32,v=HP VirtualVaultOS.VVOS-KRN,fr=B.11.04,fa=HP-UX_B.11.04_64,v=HP VirtualVaultOS.VVOS-SHLIBS,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP VirtualVaultOS.VVOS-AUX-IA,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP Automatic Reboot?: Yes Status: General Release Critical: No Category Tags: defect_repair general_release Path Name: /hp-ux_patches/s700_800/11.X/PHNE_26267 Symptoms: PHNE_26267: This patch is to fix a privilege problem for IPSec/9000 GUI to run on VirtualVault. This patch also fixes an unresolved symbol problem with IPSec/9000 on VirtualVault. PHNE_21340: This patch contains enablement for IPSec/9000 on the VirtualVault. Defect Description: PHNE_26267: IPSec/9000 has changed its GUI and is making call to setsockopts() with SO_BROADCAST option, This requires netbroadcast privilege which was not there before. Also the signature of JNIEXPORT jint JNICALL Java_IPSecAuthChk_isNotRoot (JNIEnv *env, jclass class) has been changed to int C_IPSecAuthChk_isNotRoot (). Resolution: Add netbroadcast privilege to the potential privilege set of ipsec_mgr and raise the netbroadcast privilege before execing the ipsec_mgr. Change the signature of the function JNIEXPORT jint JNICALL Java_IPSecAuthChk_isNotRoot (JNIEnv *env, jclass class) to C_IPSecAuthChk_isNotRoot () in libipsecauthchk.sl library. PHNE_21340: The IPSec code needs to contain special processing for VVOS. For user space, these hooks manipulate privileges and check that the user is authorized to run the programs. For the kernel, these hooks allow the process's VVOS attributes to be queried and stored in the packet's message block. Resolution: Add IPSec integration libraries to VirtualVault. SR: 8606132488 8606237191 Patch Files: VirtualVaultOS.VVOS-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32,v=HP: /usr/conf/lib/libvvipsec.a VirtualVaultOS.VVOS-KRN,fr=B.11.04,fa=HP-UX_B.11.04_64,v=HP: /usr/conf/lib/libvvipsec.a VirtualVaultOS.VVOS-SHLIBS,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /usr/lib/libvvipsec.1 /usr/lib/libvvipsec.sl /var/adm/ipsec_gui/lib/libipsecauthchk.sl VirtualVaultOS.VVOS-AUX-IA,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /etc/auth/system/files.fcdb/15.patches/21340_PHNE.fcdb /etc/auth/system/files.fcdb/15.patches/26267_PHNE.fcdb what(1) Output: VirtualVaultOS.VVOS-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32,v=HP: /usr/conf/lib/libvvipsec.a: $Source: kern/netsec/vv_ipsec.c, sysmisc, vvos_rose, rose0261 $ $Date: 00/03/27 08:29:02 $ $Revi sion: 1.2 PATCH_11.04 (PHNE_21340) $ VirtualVaultOS.VVOS-KRN,fr=B.11.04,fa=HP-UX_B.11.04_64,v=HP: /usr/conf/lib/libvvipsec.a: $Source: kern/netsec/vv_ipsec.c, sysmisc, vvos_rose, rose0261 $ $Date: 00/03/27 08:29:02 $ $Revi sion: 1.2 PATCH_11.04 (PHNE_21340) $ VirtualVaultOS.VVOS-SHLIBS,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /usr/lib/libvvipsec.1: $Revision: Hewlett-Packard ISSL Level vvos_rose42 $ $Header: Hewlett-Packard ISSL Release vvos_r ose $ $Date: Tue Feb 5 15:07:45 EST 2002 $ $Source: lib/libvvipsec/vvipsec.c, libipsec, vvos_ro se, rose0270 $ $Date: 02/02/05 09:06:02 $ $R evision: 1.3 PATCH_11.04 (PHNE_26267) $ /usr/lib/libvvipsec.sl: $Revision: Hewlett-Packard ISSL Level vvos_rose42 $ $Header: Hewlett-Packard ISSL Release vvos_r ose $ $Date: Tue Feb 5 15:07:45 EST 2002 $ $Source: lib/libvvipsec/vvipsec.c, libipsec, vvos_ro se, rose0270 $ $Date: 02/02/05 09:06:02 $ $R evision: 1.3 PATCH_11.04 (PHNE_26267) $ /var/adm/ipsec_gui/lib/libipsecauthchk.sl: $Revision: Hewlett-Packard ISSL Level vvos_rose42 $ $Header: Hewlett-Packard ISSL Release vvos_r ose $ $Date: Tue Feb 5 15:07:45 EST 2002 $ $Source: lib/libipsecauthchk/ipsecauthchk.c, libipse c, vvos_rose, rose0270 $ $Date: 02/02/05 08: 43:33 $ $Revision: 1.3 PATCH_11.04 (PHNE_262 67) $ VirtualVaultOS.VVOS-AUX-IA,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: /etc/auth/system/files.fcdb/15.patches/21340_PHNE.fcdb: $Revision: Hewlett-Packard ISSL 1.4 etc/auth/system/ files.fcdb/15.patches/21340_PHNE.fcdb, cmdsm isc, vvos_rose, rose0261 $ $Date: 00/04/24 1 0:14:36 $ /etc/auth/system/files.fcdb/15.patches/26267_PHNE.fcdb: $Revision: Hewlett-Packard ISSL 1.1 etc/auth/system/ files.fcdb/15.patches/26267_PHNE.fcdb, cmdsm isc, vvos_rose, rose0270 $ $Date: 02/02/05 0 0:04:47 $ cksum(1) Output: VirtualVaultOS.VVOS-KRN,fr=B.11.04,fa=HP-UX_B.11.04_32,v=HP: 2224294064 2000 /usr/conf/lib/libvvipsec.a VirtualVaultOS.VVOS-KRN,fr=B.11.04,fa=HP-UX_B.11.04_64,v=HP: 3032918278 2996 /usr/conf/lib/libvvipsec.a VirtualVaultOS.VVOS-SHLIBS,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: 2152702373 12288 /usr/lib/libvvipsec.1 2152702373 12288 /usr/lib/libvvipsec.sl 2643996656 12288 /var/adm/ipsec_gui/lib/libipsecauthchk.sl VirtualVaultOS.VVOS-AUX-IA,fr=B.11.04, fa=HP-UX_B.11.04_32/64,v=HP: 3776068518 2708 /etc/auth/system/files.fcdb/15.patches/ 21340_PHNE.fcdb 2393598629 598 /etc/auth/system/files.fcdb/15.patches/ 26267_PHNE.fcdb Patch Conflicts: None Patch Dependencies: s700: 11.04: PHNE_21581 PHNE_21155 PHNE_21156 PHNE_21683 s800: 11.04: PHNE_21581 PHNE_21155 PHNE_21156 PHNE_21683 Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_21340 Equivalent Patches: None Patch Package Size: 80 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_26267 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHNE_26267.depot By default swinstall will archive the original software in /var/adm/sw/save/PHNE_26267. If you do not wish to retain a copy of the original software, use the patch_save_files option: swinstall -x autoreboot=true -x patch_match_target=true \ -x patch_save_files=false -s /tmp/PHNE_26267.depot WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHNE_26267.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHNE_26267.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_26267.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: This patch, in conjunction with four others, provides the needed functionality on the Virtualvault platform to support the IPSec/9000 product. The following patches, or their supersedes, are required to support IPSec/9000: PHNE_21340, PHNE_21581, PHNE_21155, PHNE_21156, and PHNE_21683. If any of these patches (or supersedes) are missing, IPSec/9000 will not function properly. Note that the IPSec/9000 software must also be installed in order to obtain IPSec functionality on Virtualvault.